“The Central Bank is demanding increased effectiveness in IT and cyber risk management”, Director of Policy & Risk, Gerry Cross

• Recently published guidance being used to assess firms' performance
• Boards and senior management need to demonstrate their grasp of key IT risks facing their firm;
• Central Bank encourages firms to participate in cybersecurity information sharing networks

Read full speech

Speaking at the Association of Compliance Officers in Ireland (ACOI) Annual Conference today, Director of Policy & Risk, Gerry Cross, addressed cyber security risks facing the Financial Services Sector.  Referencing the Cross Industry Guidance on IT and Cybersecurity Risks recently published by the Central Bank he said that “The guidelines are designed with proportionality in mind; they will have different implications for large complex firms than smaller and simpler ones. They are a clear statement of the standards and quality in this area that Central Bank supervisors will expect to see firms meeting.”

He highlighted the role to be played by Boards and Senior Management. He said that firms need to enhance the overall level of knowledge and understanding of their boards and senior management in this area; ensure that the Board as a whole has an appropriate skill set and range of expertise; and that there is good translation of technical concepts into language and propositions that can be effectively understood and determined by board members and senior management.

Mr Cross said that “The Central Bank encourages firms to participate in cybersecurity information sharing networks. These can provide valuable intelligence on current threats, attacks and vulnerabilities which will support effective security risk identification and mitigation.“

He concluded by saying that “the Central Bank will continue to drive firms to take actions to better address IT related risks.”