Central Bank of Ireland, Cross Industry Guidance in Respect of Information Technology and Cybersecurity Risks (Sept. 2016) (full-text).
The risks associated with IT and cybersecurity ("IT related risks") are a key concern for the Central Bank given their potential to have serious implications for prudential soundness, consumer protection, financial stability and the reputation of the Irish financial system. Accordingly, the Central Bank expects that the Boards and Senior Management of regulated firms fully recognise their responsibilities in relation to IT and cybersecurity governance and risk management and place these among their top priorities.
This paper also sets out observations that incorporate examples from supervisory work carried out by the Central Bank over the course of 2015 and 2016 to assess IT and cybersecurity related operational, governance and strategic risks in regulated firms. The guidance sets out the Central Bank's current thinking as to good practices that regulated firms should use to inform the development of effective IT and cybersecurity governance and risk management frameworks. This guidance will inform supervisors’ views as to the quality of IT related governance and risk management in regulated firms. Failings in respect of this guidance will inform Central Bank supervisory decisions, including those in respect of risk mitigation programmes.