Dedicated to Excellence

Reserve Bank sets out its stance on cyber security

Reserve Bank of NZ buildingSource: Sunday Star Times

Firms in the finance sector, regulators, and other authorities all have a part to play in managing cyber security risks, a Reserve Bank executive said.

They can take on this challenge while still benefiting from the opportunities of new financial technology, said Reserve Bank Head of Prudential Supervision, Toby Fiennes, in a speech delivered to the Future of Financial Services conference, in Auckland.

“The dynamic cyber environment means organisations have to be nimble in their approach to cyber security – focused on outcomes, rather than prescriptive compliance exercises,” said Fiennes.

He said that cyber-attack poses a significant threat to the global financial system, as shown by the ‘WannaCry’ ransom-ware attack that affected more than 200,000 systems around the world and the more recent ‘Notpetya’ attack.

“The nature and incidence of cyber risk is unique, meaning that typical approaches to risk management and disaster recovery planning may not be appropriate. While cyber vulnerabilities can be mitigated, the potential sources of cyber threats and the attack footprint are just too broad, so they can never be eliminated,” Fiennes said.

The Reserve Bank had thought about whether to introduce more prescriptive requirements but decided not to at this stage.

“We doubt that prescriptive regulations would appreciably improve the outcome, when the technology and threat landscape are both changing so rapidly. We will, however, review this policy stance from time-to-time to ensure that it remains appropriate,” Fiennes said.

“The Reserve Bank is closely watching the emerging wave of ‘digital disruption’ affecting the financial sector as firms react to customer demand for a more online experience. In the short term, digital disruption may result in new risks and increased instability in the financial system but in the long term, digital disruption of the banking sector may improve the efficiency of the financial system. The long-term impact on financial system soundness is less clear. Read more.