Belfast Telegraph

UK Website Of The Year

Prepare for cyber attacks, Central Bank of Ireland tells firms

By Donal O'Donovan

Published 15/09/2016

Cyber attacks: 'It's not a question of 'if' but 'when' firms will be hit'
Cyber attacks: 'It's not a question of 'if' but 'when' firms will be hit'

Customers of Irish banks, insurers and financial intermediaries are at risk from cyber attack, the Central Bank of Ireland has warned.

Firms are being warned to increase resilience to IT failures and cyber security incidents.

New guidelines introduced yesterday apply to all businesses regulated by the Central Bank, regardless of size.

Old systems, under-investment and the use of outsourcing will all be scrutinised. "There are a lot of weaknesses and a lot of failings out there," according to Gerry Cross, director of Policy & Risk at the Central Bank of Ireland.

Businesses need to be prepared for situations, including the high likelihood of cyber attacks, it said.

"It's not a question of 'if' but 'when' firms will be hit, but we are just not seeing that reality in how firms are prepared," Mr Cross warned.

He said the new rules are the first time a single set of guidelines has applied across all regulated firms and that the rules are being introduced to raise standards.

"There is no sector already meeting this standard. They (the guidelines) are demanding," he said. The new guidelines are not binding in their own right but will form part of the overall supervision of regulated firms, Mr Cross said.

The new rules cover four main areas: governance by boards and senior management, risk management, cyber security and outsourcing.

In terms of governance, the Central Bank said it expects senior executives to be engaged with the issue.

"The thinking to a certain degree is 'we have an IT department and they are doing this'. So we are very keen to see real ownership by boards and senior managers."

The Regulator is not taking a position against outsourcing, but has concerns about the practice. "What we want to see is that firms are not outsourcing responsibility or thinking they can outsource responsibility. Control of the situation must remain with regulated firms."

A particular issue in Ireland is underinvestment in the wake of the crash.

In many cases Irish firms are operating IT systems that feature out dated technology assets in some cases no longer supported by the manufacturers.

"It is fair to say there is a post-crash hangover aspect," Gerry Cross said.

Your Comments

COMMENT RULES: Comments that are judged to be defamatory, abusive or in bad taste are not acceptable and contributors who consistently fall below certain criteria will be permanently blacklisted. The moderator will not enter into debate with individual contributors and the moderator’s decision is final. It is Belfast Telegraph policy to close comments on court cases, tribunals and active legal investigations. We may also close comments on articles which are being targeted for abuse. Problems with commenting?

Read More