From a cybersecurity risk governance perspective, the FSC will expect as a minimum from the Management Companies the following:

1. understanding of the cyber risks, vulnerabilities and impact associated in running their businesses, with supporting documentation;
2. putting into place appropriate policies and procedures duly approved by the board to mitigate the risks;
3. carrying out an annual cybersecurity risk assessment which is reported to the board;
4. conducting regular IT audit and addressing identified loopholes accordingly;
5. conducting penetration testing to ensure that their systems are not vulnerable or susceptible to cyber-attacks;
6. putting in place appropriate contingency arrangements that they can be deployed in the event of a cyberattack, including but not limited, maintaining service levels for clients and informing relevant parties and authorities about the attack and its impact; and
7. running a comprehensive technology risk and cybersecurity training programme at all levels.

To read original article please click here