Feedback Sought On Plans To Build Cyber Resilience
The Reserve Bank of New Zealand – Te Pūtea Matua is seeking feedback on proposals for collecting financial entity related data to support cyber resilience.
The ability of cyber attackers to undermine, disrupt, and disable information and communication technology systems used by financial entities is a threat to financial stability. Service outages can affect individuals, businesses and organisations and lead to a loss of confidence where there is lack of alternative providers or disruptions between financial entities.
To improve our understanding of cyber risks and resilience in the financial sector, our consultation paper proposes the collection of data in three areas:
- a material cyber incident reporting requirement that mandates regulated entities to report all material cyber incidents to the Reserve Bank within 72 hours after detection;
- reporting of all cyber incidents, regardless of materiality, on a periodic basis; and
- a periodic survey on the cyber resilience of regulated entities based on the Reserve Bank’s cyber resilience guidance.
Director of Prudential Policy Kate Le Quesne says “Collection of this information will improve our understanding of cyber resilience in the financial sector. It will also support industry engagement by sharing insights and ultimately enable better responses to cyber incidents”.
The Reserve Bank is working closely with the Financial Markets Authority on cyber data collection. We propose that our material incident reporting template can be used for reporting to both entities and that information gathered from the proposals will be shared. This would provide a joined up approach across regulators and minimise regulatory burden for our regulated entities.
On 1 May 2021, we published guidance for our regulated entities on cyber resilience. The Guidance sets our expectations (as the prudential regulator) on how our regulated entities can build cyber resilience to help promote a sound and dynamic financial system.
- Consultation Paper - Cyber Resilience Data Collection Plan
- Guidance for our regulated entities on cyber resilience