SC is­sues guide­lines to en­hance cy­ber re­silience of cap­i­tal mar­ket

The Sun (Malaysia) - - MEDIA & MARKETING -

KUALA LUMPUR: Se­cu­ri­ties Com­mis­sion Malaysia (SC) yes­ter­day is­sued guide­lines to en­hance cy­ber re­silience of the cap­i­tal mar­ket by re­quir­ing cap­i­tal mar­ket en­ti­ties to es­tab­lish and im­ple­ment ef­fec­tive gov­er­nance mea­sures to counter cy­ber risk and pro­tect in­vestors.

The Guide­lines on Man­age­ment of Cy­ber Risk clearly stip­u­late, among oth­ers, the roles and re­spon­si­bil­i­ties of the board and se­nior man­age­ment in build­ing cy­ber re­silience of a cap­i­tal mar­ket en­tity. The guide­lines man­date the en­tity to iden­tify a re­spon­si­ble per­son to be ac­count­able for the ef­fec­tive man­age­ment of cy­ber risk.

These mea­sures aim to en­sure that cy­ber risk is man­aged in an op­ti­mised man­ner, in light of the chang­ing land­scape in the mar­ket.

“Against a back­drop of in­creased adop­tion of tech­nol­ogy in cap­i­tal mar­ket ac­tiv­i­ties, op­er­a­tions of mar­ket in­ter­me­di­aries, mar­ket in­fra­struc­ture and mar­ket-based fi­nanc­ing plat­forms, it is im­per­a­tive to en­sure vig­i­lant man­age­ment of cy­ber risk. This will min­imise dis­rup­tion to the cap­i­tal mar­ket, pro­tect in­vestors’ con­fi­den­tial data and pre­serve mar­ket con­fi­dence,” said SC ex­ec­u­tive di­rec­tor and gen­eral coun­sel Foo Lee Mei in a state­ment.

The guide­lines re­quire reg­u­lated en­ti­ties to have in place a risk man­age­ment frame­work to min­imise cy­ber threats, im­ple­ment ad­e­quate mea­sures to iden­tify po­ten­tial vul­ner­a­bil­i­ties in their op­er­at­ing en­vi­ron­ment and en­sure timely re­sponse and re­cov­ery in the event of a cy­ber-breach. In this re­gard, reg­u­lated en­ti­ties are re­quired to im­ple­ment ad­e­quate phys­i­cal and sys­tems se­cu­rity ar­range­ments.

The in­volve­ment of the board and se­nior man­age­ment is im­por­tant to en­sure that the cap­i­tal mar­ket en­tity puts ad­e­quate fo­cus on cy­ber risk is­sues, de­ter­mines risk tol­er­ance and pri­or­i­ties, and al­lo­cates suf­fi­cient re­sources to cy­ber risk. As such, these guide­lines re­quire the en­tity to out­line the roles and re­spon­si­bil­i­ties of the board, re­spon­si­ble per­son and key per­son­nel in crit­i­cal func­tions with a role in man­ag­ing cy­ber risk.

Un­der the guide­lines, cap­i­tal mar­ket en­ti­ties are re­quired to share in­for­ma­tion on cy­ber breaches and po­ten­tial cy­ber threats, and re­port cy­ber in­ci­dents to the SC. This en­gage­ment will en­hance in­dus­try’s aware­ness on, and pre­pared­ness in deal­ing with, cy­ber risk. It will also pro­vide a plat­form for SC to col­lab­o­rate with mar­ket en­ti­ties and stake­hold­ers to en­hance cy­ber re­silience on an on­go­ing ba­sis.

These guide­lines will be im­ple­mented in phases. En­ti­ties will be se­lected for the dif­fer­ent phases based on, among oth­ers, size, na­ture of ac­tiv­i­ties and mar­ket share.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.