Central Bank of Ireland publishes findings from its thematic inspection of cyber security risk management in asset management firms
In an industry letter dated 10 March 2020 the Central Bank of Ireland (the “Central Bank“) detailed its key findings identified during its inspection of cyber security risk management in asset management firms. The thematic inspection examined (i) cybersecurity risk governance, (ii) cybersecurity risk management frameworks and (iii) certain technical controls for mitigating cybersecurity risk. The Central Bank notes that many of the weaknesses highlighted in the Central Bank’s ‘Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks 2016’ are still prevalent three years later.
The Central Bank’s letter states that it is the responsibility of the board of the asset management firm and its senior management to ensure that cybersecurity is embedded in their firm and the board is responsible for overseeing a clearly defined strategy for cybersecurity to enable the firm to achieve a desired state of resilience and protection. In addition the Central Bank noted that there should be a sufficient skill set on the board to…
