The Reserve Bank of New Zealand (RBNZ) has released the finalised version of its guidance on cyber resilience for its regulated entities.
The guidance contains the regulator’s expectations regarding cyber resilience, drawing from national and international standards and best practices on cybersecurity. The guidance applies to all financial institutions under the purview of the Reserve Bank, including banks, insurers, non-bank deposit takers, and designated financial market infrastructures.
It aims to raise awareness and promote cyber resilience throughout the financial sector, especially at the board and senior management level. To achieve this, the guidance provides high-level, principle-based recommendations and will act as an overarching framework for the governance and management of cyber risk.
According to RBNZ, regulated entities should not treat the guidance as an explicitly detailed or technical set of instructions, but rather adapt it to their own specific needs and technologies.
Deputy Governor and General Manager of Financial Stability Geoff Bascand highlighted the recent illegal data breach of a third-party file-sharing application used by the Reserve Bank, which he says is a timely reminder of the risks financial entities are exposed to when managing and sharing information.
In response to the breach, RBNZ appointed KPMG to conduct an independent review of its systems and processes.
“This report is due to be published in early May and we are committed to continuing our own improvements in this area and sharing any relevant lessons with the firms that we regulate,” Bascand said.