Reserve Bank targets cyber resilience for the financial sector

Reserve Bank targets cyber resilience for the financial sector

Bank proposes mandating the reporting of material cyber incidents within 72 hours of detection.

Credit: Dreamstime

The Reserve Bank of New Zealand – Te Pūtea Matua is seeking feedback on its proposals for collecting data on financial entities to support cyber resilience.

The ability of cyber attackers to undermine, disrupt, and disable ICT systems used by financial entities was a threat to financial stability, the bank said today.

Service outages could affect individuals, businesses and organisations and lead to a loss of confidence where there was lack of alternative providers or disruptions between financial entities.

To improve the bank's understanding of cyber risks and resilience in the sector, it has releaed a consultation paper proposing the collection of data in three areas:

First, a material cyber incident reporting requirement that mandates regulated entities report all material cyber incidents to the Reserve Bank within 72 hours after detection.

Second, the reporting of all cyber incidents, regardless of materiality, on a periodic basis.

Finally, a periodic survey on the cyber resilience of regulated entities based on the Reserve Bank’s cyber resilience guidance.

“Collection of this information will improve our understanding of cyber resilience in the financial sector," said director of prudential policy Kate Le Quesne.

"It will also support industry engagement by sharing insights and ultimately enable better responses to cyber incidents."

The Reserve Bank is working closely with the Financial Markets Authority on cyber data collection. It is therefore proposing its material incident reporting template could be used for reporting to both entities and that information gathered from the proposals would be shared.  

This would provide a joined-up approach across regulators and minimise the regulatory burden for regulated businesses.

"We observe that, with some notable exceptions, most successful cyber attacks impacting the financial sector affect one institution and produce limited damage," the consultation says. 

"However, a successful attack with enough technical force to disable or disrupt a key institution or spread through the financial system could become a systemic event. 

"A significant system failure could have the same effect."

The bank itself was hacked in late 2020, months after it had recognised internally that it was not investing adequately in cyber security.

In May 2021, the bank published guidance for regulated entities on cyber resilience, setting out its expectations on how they could build resilience to help promote a sound and dynamic financial system.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingFinancial ServicesReserve Bankcyber security


EDGE 2024

Register your interest now for EDGE 2024!



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments