DFSA publishes cyber thematic review report

The Report highlights a number of important opportunities for operational risk management practices of Firms operating in the Dubai International Financial Centre


Dubai, UAE: The Dubai Financial Services Authority (DFSA) today published a thematic review report on cyber risks. The Report highlights a number of important opportunities for operational risk management practices of Firms operating in the Dubai International Financial Centre (DIFC).

Launched in July 2019 with an objective of identifying the overall maturity level of cyber security programmes of Firms authorised by DFSA, the Cyber Thematic Review assessed cyber risk governance frameworks, cyber hygiene practices, and resilience (incident preparedness) programmes. The Review was undertaken in two phases, with the first phase consisting of a questionnaire seeking high-level information on each Authorised Firm’s cyber security practices, and the second phase consisting of desk-based reviews and onsite visits to selected Firms representing a range of business models and financial services activities.

The Review found that a significant number of firms had either not implemented a comprehensive cyber risk management framework or performed only a limited cyber risk assessment. Assessing how firms have implemented cyber hygiene practices, the findings also show that a number of firms, particularly smaller firms, did not enforce encryption on devices to protect sensitive data. The most significant finding on firms resilience towards cyber-attacks show that at least half did not have a continuous identification and response capability for managing cyber incidents. Although not part of this review, the new remote working protocols established in 2020 also bring new cyber risk vulnerabilities that need to be addressed by the financial services industry. The Report further summarises these key findings and observations together with the DFSA’s expectations and examples of best practices of cyber risk management. It focuses on cyber risk fundamentals which are relevant to each Authorised Firm, regardless of its size and business model.

Chief Executive of the DFSA, Mr Bryan Stirewalt remarked: “Enhancing the cyber resilience of our regulated population is one of our key priorities. Over the past two years, we have steadily increased our supervisory focus on cyber risk. We are constantly engaging with Firms in the DIFC to ensure they have sufficient safeguards in place to shield against cyber threat as well as effective processes to respond to and recover from a successful attack. Our focus also includes support for development of industry level guidance on cyber risk management practices. These intensified efforts support the UAE Cybersecurity Strategy and the Dubai Cybersecurity Strategy and are designed to strengthen the cybersecurity environment in the DIFC.”

As part of its efforts to strengthen cyber resilience in the DIFC, the DFSA launched its cyber threat intelligence platform (DFSA TIP) in January 2020. DFSA TIP aims to facilitate the development of a community of information sharing amongst financial services firms

- Ends -

For further information please contact:
Corporate Communications
Dubai Financial Services Authority
Level 13, The Gate, West Wing
Dubai, UAE
Tel: +971 (0)4 362 1613
Email: DFSAcorpcomms@dfsa.ae 

The Dubai Financial Services Authority (DFSA) is the independent regulator of financial services conducted in and from the Dubai International Financial Centre (DIFC), a purpose built financial free zone in Dubai. The DFSA's regulatory mandate covers asset management, banking and credit services, securities, collective investment funds, custody and trust services, commodities futures trading, Islamic finance, insurance, crowdfunding platforms, an international equities exchange and an international commodities derivatives exchange. In addition to regulating financial and ancillary services, the DFSA is responsible for administering Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) legislation that applies in the DIFC. Please refer to the DFSA's website for more information.

Bryan Stirewalt was appointed Chief Executive of the DFSA on 1 October, 2018, after nearly eight years as the DFSA's Managing Director of the Supervision Division. In his role as Chief Executive, Bryan steers the work of the DFSA, further developing its capability as a robust regulator delivering world-class financial services regulation in the DIFC. Bryan plays a vital part in executing the DFSA's regulatory mandate and developing its risk-based supervision framework. Bryan also plays an active role in supporting the work of international standard-setting bodies. He now serves as the Co-Chair of the Basel Consultative Group (BCG), which provides a forum for deepening the Basel Committee on Banking Supervision's engagement with non-member, global supervisors on banking supervisory issues. Through this role, Bryan also serves as an Observer at the Basel Committee on Banking Supervision.

Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2020

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

More From Press Releases