24 June 2020 — DFSA Publishes Cyber Thematic Review Report


Dubai, UAE, 24 June 2020: The Dubai Financial Services Authority (DFSA) today published a thematic review report on cyber risks. The Report highlights a number of important opportunities for operational risk management practices of Firms operating in the Dubai International Financial Centre (DIFC).

Launched in July 2019 with an objective of identifying the overall maturity level of cyber security programmes of Firms authorised by DFSA, the Cyber Thematic Review assessed cyber risk governance frameworks, cyber hygiene practices, and resilience (incident preparedness) programmes. The Review was undertaken in two phases, with the first phase consisting of a questionnaire seeking high-level information on each Authorised Firm’s cyber security practices, and the second phase consisting of desk-based reviews and onsite visits to selected Firms representing a range of business models and financial services activities.

The Review found that a significant number of firms had either not implemented a comprehensive cyber risk management framework or performed only a limited cyber risk assessment. On the implementation of cyber hygiene practices, the findings also show that a number of firms, particularly smaller firms, did not enforce encryption on devices to protect sensitive data. The most significant finding on firms' resilience towards cyber-attacks shows that at least half did not have a continuous identification and response capability for managing cyber incidents. Although not part of this review, the new remote working protocols established in 2020 also bring new cyber risk vulnerabilities that need to be addressed by the financial services industry. The Report further summarises these key findings and observations together with the DFSA’s expectations and examples of best practices of cyber risk management. It focuses on cyber risk fundamentals which are relevant to each Authorised Firm, regardless of its size and business model.

Chief Executive of the DFSA, Mr Bryan Stirewalt remarked: “Enhancing the cyber resilience of our regulated population is one of our key priorities. Over the past two years, we have steadily increased our supervisory focus on cyber risk. We are constantly engaging with Firms in the DIFC to ensure they have sufficient safeguards in place to shield against cyber threat as well as effective processes to respond to and recover from a successful attack. Our focus also includes support for development of industry level guidance on cyber risk management practices. These intensified efforts support the UAE Cybersecurity Strategy and the Dubai Cybersecurity Strategy and are designed to strengthen the cybersecurity environment in the DIFC.”

As part of its efforts to strengthen cyber resilience in the DIFC, the DFSA launched its cyber threat intelligence platform (DFSA TIP) in January 2020. DFSA TIP aims to facilitate the development of a community of information sharing amongst financial services firms.

- Ends -

For further information please contact:
Corporate Communications
Dubai Financial Services Authority
Level 13, The Gate, West Wing
Dubai, UAE
Tel: +971 (0)4 362 1613

Editor’s notes:

The Dubai Financial Services Authority (DFSA) is the independent regulator of financial services conducted in and from the Dubai International Financial Centre (DIFC), a purpose-built financial free zone in Dubai. The DFSA's regulatory mandate covers asset management, banking and credit services, securities, collective investment funds, custody and trust services, commodities futures trading, Islamic finance, insurance, crowdfunding platforms, an international equities exchange and an international commodities derivatives exchange. In addition to regulating financial and ancillary services, the DFSA is responsible for administering Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) legislation that applies in the DIFC. Please refer to the DFSA's website for more information.

Bryan Stirewalt was appointed Chief Executive of the DFSA on 1 October, 2018, after nearly eight years as the DFSA's Managing Director of the Supervision Division. In his role as Chief Executive, Bryan steers the work of the DFSA, further developing its capability as a robust regulator delivering world-class financial services regulation in the DIFC. Bryan plays a vital part in executing the DFSA's regulatory mandate and developing its risk-based supervision framework. Bryan also plays an active role in supporting the work of international standard-setting bodies. He now serves as the Co-Chair of the Basel Consultative Group (BCG), which provides a forum for deepening the Basel Committee on Banking Supervision's engagement with non-member, global supervisors on banking supervisory issues. Through this role, Bryan also serves as an Observer at the Basel Committee on Banking Supervision.