Finance ministers from the G20 and Central Bank governors have received a briefing on effective practices for cyber-incident response and recovery. The Financial Stability Board (FSB) sent its report on Effective Practices for Cyber Incident Response and Recovery before a three-month consultation period and an October meeting between the G20 Finance ministers and Central Bank governors.
The report is described as a “toolkit for effective practices” that is designed to assist financial institutions in their cyber-incident response and recovery activities. It lists 46 different practices that are structured over seven components.
This frames how to organise and manage cyber-incident and recovery.
Preparation is there to establish and maintain capabilities to respond to cyber-incidents and to restore critical functions, processes, systems, and data that have been impacted.
Analysis ensures effective response and recovery activities. This includes forensic analysis and can determine the severity, impact, and even the cause of the cyber-incident. Doing so will help understand the most appropriate response and recovery activities.
This prevents how aggressive the situation can get and will eradicate cyber-threats as soon as possible. Doing so will reduce the impact it has on business operations and services.
Mitigation repairs and restores systems or assets are affected by a cyber-incident, ensuring it is safe to resume business deliveries of impacted services.
Through lessons learned from past cyber-incidents and proactive tools, such as tests, drills and tabletop exercises, response and recovery capabilities can improve.
Coordination and communication
Coordinating with stakeholders to ensure awareness of cyber situations, enhancing the cyber-resilience of the ecosystem.
The FSB acknowledged that “efficient and effective response to and recovery from cyber-incidents by organizations in the financial ecosystem is essential in limiting any related financial stability risks,” and that some risks could arise from circumstances such as interconnected information technology systems between numerous financial institutions. Issues are also present from lacking confidence in a major financial institution or group of financial institutions, or impacts on capital arising from losses due to the incident.
The FSB added: “A major cyber-incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.”