The Information Security Monitor is a clickable PDF. This year's main message relates to the observations listed below about information security at financial institutions. The groundwork for the Information Security Monitor was laid in the form of the examinations we carried out at financial institutions in 2019, complemented by observations from other sources, such as the TIBER-NL programme.
Given the current circumstances, the Monitor also reflects on the specific risks that have emerged due to the COVID-19 pandemic. This information is based on sources that include recent discussions with financial institutions and various other service providers.
The Monitor also looks to the future, describing the examination methods we expect to use in the years ahead in the area of information security and cybersecurity.
Some of the main observations in the Information Security Monitor include the following.
- Cyberhygiene and vulnerability management in particular will remain vital.
- Testing the measures that have been taken contributes to ongoing improvements in cyber resilience.
- Outsourcing must not involve a transfer of responsibility, as institutions should remain in control.
- Prevention alone is not enough; the focus must shift to detection and response.
- Board members should be aware of the role they have in information security.
- Institutions should take account of specific risks emerging from the COVID-19 pandemic.
You can download the Information Security Monitor below.
Over the coming years, we will use a range of examination methods on the subject of information security and cybersecurity in the sector. We use these methods, which are mutually reinforcing, to apply our risk-based supervision.
In addition, we will pay particular attention to the cooperation between financial institutions in the coming period. We consider cooperation vital for the financial sector in coping with cyberthreats.