Financial institutions often serve many different customers in many different sectors, including customers in sectors with higher inherent integrity risks. The sector in which a customer operates is one of the factors that a financial institution...Read more
DNB shares cybersecurity observations in the annual Information Security monitor 2021
DNB considers information security and the associated cyber risks to be one of the key strategic risks in financial institutions. Currently Many institutions and security providers warn of an increased cyberthreat to Western vital organisations. Dutch financial institutions also rate their cyberthreats as increased, and are attentive to developments. See also our newsitem: Increased cyberthreat due to the situation in Ukraine: DNB calls on financial institutions to remain alert.
These threats lay emphasis on the cyber-resilience of financial institutions. In our Information security monitor (December 2021) we present our latest observations on information security and cyber risks, based on supervisory examinations and information obtained from financial institutions. The observations in this Information Security Monitor are based on the examinations conducted in 2020-2021 and sector-wide requests for information primarily sent to pension funds and insurers. These sources have been supplemented with signals and incident reports from institutions and information exchanged with other supervisory authorities and partnerships. Where relevant, these information sources have also been incorporated in this Information Security Monitor.
The following three key observations are relevant for executive board members and internal supervisors (such as members of supervisory boards):
- The information security risk management cycle is not sufficiently effective
- Management of information security in the entire outsourcing chain remains crucial
- Resilience to cyberattacks must be strengthened
In addition to these key observations we see the need to improve knowledge of information security at an executive board level. Constructive input and critical questions from executive board members and internal supervisors help the institution to make appropriate strategic and tactical choices. We also believe further cooperation between all parties in the financial sector is essential in order to increase the resilience of institutions and the entire outsourcing chain.
These observations have been set out in further detail in the Information Security Monitor.
You van download the Information Security Monitor below. For more information see the Q&A Assessment Framework for DNB Information Security Examination.
- Clearing institutions
- Electronic money institutions
- Investment firms
- Payment institutions
- Pension funds
- Premium Pension institutions
- Trust offices