Cyber Security Solutions for the European Board Room
The increasing cyber security threat posed to investment advisers and funds has led to European regulators to implement robust safeguards. This is providing a range of challenges for board members as they endeavour to manage a highly-technical subject for which they have a legal responsibility.
European regulators have been unequivocal in their cyber security expectations with recent examples including:
- the Central Bank of Ireland has published Cross-Industry Guidance on Operational Resilience (previously CP 140) and Outsourcing (previously CP138)
- Luxembourg’s CSSF Circulars that implement EBA Guidelines on Information and Communications Technology (ICT) (Circular 20/750) and require investment funds to implement systems for the identification and management of IT risks (18/698)
- the imminent publication of the European Commission’s Digital Operational Resilience Act
- Basel’s Principles for Operational Resilience
- The EBA’s Guidelines on ICT & Security Risk Management
What can firms do now to prepare?
- begin risk assessments that include a strong vendor risk management component
- draft new cyber policies or review prior policies
- examine existing technology controls to determine whether or not they meet current industry best practice
- appoint a Chief Information Security Officer (CISO).
How can Waystone help?
- provision of Chief Information Security Officer (CISO) for Board of Management
- provision of Cyber Security Advisor for investment advisers and fund boards
- cyber risk assessment including vendor risk assessment
- cyber policy drafting
- annual review and remediation of any attendant issues
- cyber incident response, reporting and remediation.
The role of a CISO includes:
- providing ongoing advice and guidance on cyber security matters and ensuring that the board of management remains at the forefront in addressing cyber security developments
- engagement with the client management team to determine an appropriate frequency per annum (1 day/month, 1 day/quarter etc)
- providing an annual cyber workplan to be signed off by the management team
- providing quarterly updates to the management team on progress against a cyber workplan
- overseeing third-party vendor management and other stakeholders.
Waystone has over a decade of experience within the industry and its principals have over 75 years of combined InfoSec and Data Protection experience. They act as an advisory, providing services to ‘C-Suite’ and Boards for cyber, information security and data protection issues. They are both ISO27001:2013 and ISO27701 certified.
If you would like to find out more about how Waystone can help you with your cyber security requirements, please contact us below.