View the Standard
The report identifies commonalities in cyber incident reporting frameworks and details practical issues associated with the collection of cyber incident information from financial institutions and the onward sharing between financial authorities. These practical issues include:
- operational challenges arising from the process of reporting to multiple authorities;
- setting appropriate and consistent qualitative and quantitative criteria/thresholds for reporting;
- establishing an appropriate culture to report incidents in a timely manner;
- inconsistent definitions and taxonomy related to cyber security;
- establishing a secure mechanism to communicate on cyber incidents; and
- legal or confidentiality constraints in sharing information with authorities across borders and sectors.
This report sets out 16 recommendations to address these issues with a view to promote best practices in cyber incident reporting