The Central Bank has stated that the risks associated with information technology and cyber security are a key concern and has called on firms to increase their resilience to IT failures and cyber security incidents: see here. Guidance for firms has been published - see here (pdf) - and this makes clear that IT risk should be considered as part of the board's responsibility for setting and overseeing strategy and risk appetite. Moreover, the Central Bank expects, to quote directly from its guidance document, that firms "... develop and document a Board approved comprehensive IT strategy that is aligned with the overall business strategy. IT strategy objectives should include maintaining the capacity to effectively anticipate, detect and recover from cybersecurity attacks on the firm so as to ensure overall IT resilience".
No comments:
Post a Comment