Reserve Bank releases guidance on cyber resilience

It is open for feedback

Reserve Bank releases guidance on cyber resilience

Organisations went digital amid the COVID-19 pandemic, which pushed many cyber attackers and scammers to take advantage of the current working environment. With that in mind, the Reserve Bank of New Zealand (RBNZ) – Te PÅ«tea Matua has released draft guidance on what regulated entities must consider when managing cyber resilience.

The draft guidance, which is open for feedback, details the RBNZ's expectations around cyber resilience. It draws heavily from leading national and international cybersecurity standards and guidelines.

“As cyber risk continues to rise, there is growing awareness that cyber incidents could present risks to the stability of the entire financial system. Improving cyber resilience has become a key priority for prudential regulators around the world,” said Geoff Bascand, the deputy governor and general manager of financial stability at RBNZ.

“Last November, we announced an evolution in our policy stance towards taking a more proactive interest in improving the cyber resilience of the financial sector in New Zealand. The spate of cyberattacks across New Zealand earlier this year was a reminder of the disruption that they can cause and shows the importance of taking an increasing proactive role in improving the cyber resilience of New Zealand's financial sector.”

Read more: Kiwis remain keen on climbing the property ladder

The consultation document presents draft cyber risk management guidance that would apply to all of RBNZ's regulated entities, such as registered banks, licensed non-bank deposit takers, licensed insurers, and designated financial market infrastructures.

The consultation paper also seeks feedback on how information gathering and sharing by the RBNZ with relevant public sector bodies can help to build cyber resilience.

”We recognise that managing cyber resilience is a shared responsibility and that it is important to collaborate and coordinate with all relevant stakeholders,” Bascand said.

“The proposed guidance and our information collection plans have been designed to complement the work of other government agencies with a direct interest in promoting cyber resilience in the financial sector – including the Financial Markets Authority, the National Cyber Security Centre, and the Computer Emergency Response Team.”

The consultation is open for 14 weeks and closes on January 29, 2021. The RBNZ will release the final guidance early next year.

RELATED ARTICLES