The recently published Central Bank of Ireland (‘CBI’) ‘Dear CEO’ letter regarding the Thematic Inspection of Cybersecurity Risk Management in Asset Management Firms follows on from the CBI’s more general Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks published in 2016.

The March 2020 letter provides a number of observations regarding the preparedness of asset management firms based in Ireland to engage with and invest in proper cybersecurity. What is most striking from the CBI publications in 2016 and 2020 is the commonality of issues that have been raised and we have seen these same issues mirrored in the Risk Mitigation Plans that CBI has issued directly to firms in relation to Cyber Security.

Taking each of the CBI’s points in turn, it’s worth noting that there is a consistent theme in the six areas of focus – a better appreciation of the benefits of cybersecurity within the firm.

The six areas of focus are:

• Cybersecurity Risk Governance
• Cybersecurity Risk Management
• IT Asset Inventories
• Vulnerability Management
• Security Event Monitoring
• Security Incident Management

Click here to understand each of these areas in-depth.