The Reserve Bank – Te Pūtea Matua has finalised its guidance on what regulated entities should consider when building their cyber resilience.
The guidance outlines the Reserve Bank’s expectations around cyber resilience and draws heavily from leading international and national cybersecurity standards and guidelines. The guidance applies to all entities the Reserve Bank regulates, including registered banks, licensed non-bank deposit takers, licensed insurers and designated financial market infrastructures.
The finalised guidance on cyber resilience aims to raise awareness of, and ultimately promote, the cyber resilience of the financial sector, especially at the board and senior management level of regulated entities.
The guidance provides high-level principle-based recommendations for entities and primarily serves as an overarching framework for the governance and management of cyber risk, which entities can tailor to their own specific needs and technologies, rather than as an explicitly detailed or technical set of instructions.
The intention is to illustrate current best practice and encourage continual improvement beyond these practices into all areas where entities can further strengthen their cyber resilience.
The recent illegal data breach of a third-party file-sharing application used by the Reserve Bank is a timely reminder of the risks associated with managing and sharing information, Deputy Governor and General Manager of Financial Stability Geoff Bascand says.
As part of the investigation into the breach, the Bank appointed KPMG to undertake an independent review of its systems and processes. This report is due to be published in early May and we are committed to continuing our own improvements in this area and sharing any relevant lessons with the firms that we regulate.