SC launches new guidelines to counter cyber risk
PETALING JAYA: The Securities Commission Malaysia (SC) has set up new guidelines to enhance governance measures, counter cyber risk and protect investors within the capital market.
In a statement yesterday, the SC said the measures aim to ensure that cyber risk is managed in an optimised manner, in light of the changing landscape in the market.
“The Guidelines on Management of Cyber Risk (guidelines) clearly stipulate, among others, the roles and responsibilities of the board and senior management in building cyber resilience of a capital market entity.
“The guidelines have also mandated the entity to identify a responsible person to be accountable for the effective management of cyber risk.”
Against a backdrop of increased adoption of technology in capital market activities, operations of market intermediaries, market infrastructure and market-based financing platforms, it is imperative to ensure vigilant management of cyber risk, the SC said.
“This will minimise disruption to the capital market, protect investors’ confidential data and preserve market confidence,” SC executive director and general counsel Foo Lee Mei said in the same statement.
The SC said these guidelines require regulated entities to have in place a risk management framework to minimise cyber threats, implement adequate measures to identify potential vulnerabilities in their operating environment and ensure timely response and recovery in the event of a cyber-breach.
“In this regard, regulated entities are required to implement adequate physical and systems security arrangements.”
The SC added that the involvement of the board and senior management was important to ensure that the capital market entity puts adequate focus on cyber risk issues, determines risk tolerance and priorities, and allocates sufficient resources to cyber risk.
“As such, these guidelines require the entity to outline the roles and responsibilities of the board, responsible person and key personnel in critical functions with a role in managing cyber risk.”
To engage effectively with capital market entities and to share information on cyber breaches and potential cyber threats, regulated entities are required to report cyber incidents to the SC.
“This engagement will enhance industry’s awareness on, and preparedness in dealing with, cyber risk.
It will also provide a platform for SC to collaborate with market entities and stakeholders to enhance cyber resilience on an ongoing basis.”