Embracing the New HKMA Cyber Fortification Initiative (CFI)
Time to put cybersecurity in action
Three pillars to uplift Cyber Resilience
The Hong Kong Monetary Authority (HKMA) finalized and announced the implementation details of the Cybersecurity Fortification Initiative (CFI) on 21 December 2016. The CFI program consists of three key pillars that aim to improve the cyber resilience of Authorized Institutions (AIs):

| Pillar | Description |
| --- | --- |
| Cyber Resilience Assessment Framework (C-RAF) | Inherent Risk Assessment (Low / Medium / High) – an assessment of an AI's overall cyber risk exposure, based on defined criteria that reflect the value, type, volume and complexity of its business operations |
| Professional Development Programme (PDP) | Vocational training and certification programme – a programme developed in partnership with the Hong Kong Institute of Bankers (HKIB), aiming to increase the supply of qualified cybersecurity professionals in Hong Kong |
| Cyber Intelligence Sharing Platform (CISP) | A new element of financial market infrastructure, developed in partnership with the Hong Kong Association of Banks (HKAB), that allows inter-bank sharing of cyber threat intelligence in order to enhance collaboration and systemic resilience |
Knowing where you are in the C-RAF assessment implementation
Taking into consideration resource availability and overseas experience, the HKMA has adopted a phased approach to implementing the C-RAF assessments. Around 30 AIs (i.e. all major retail banks, selected global banks and smaller AIs) were selected for the first-phase rollout, to complete the Cyber Inherent Risk Assessment and Maturity Assessment by September 2017 and iCAST by June 2018 (if applicable).

| C-RAF assessment components | First Phase | Second Phase |
| --- | --- | --- |
| Inherent Risk Assessment | By September 2017 | By December 2018 |
| Maturity Assessment | By September 2017 | By December 2018 |
| iCAST | By June 2018 | To be determined by HKMA |

How Deloitte helps you put cybersecurity into action
Deloitte offers end-to-end cybersecurity services to support your C-RAF implementation journey, from conducting the assessment to developing a roadmap and implementing the solution.
Why Deloitte?
The Deloitte Difference
Leaders in Information and Cyber Security
We have more than 3600 dedicated cyber professionals operating in 46 countries. In 2016, we undertook around 2500 cyber projects globally. With a client base including 223 of the Fortune 500 companies and 163 governments, we can bring in fresh insight from your industry and make a difference with our methodologies.
Strong capabilities on cyber intelligence
We have over 20 Cyber Intelligence and Operations Centers around the world, integrating state-of-the-art technology with industry insights to provide you with round-the-clock business-focused operational security. With 24x7 coverage and professional threat contextualization, you will be able to determine the risks to your business and stakeholders, swiftly and effectively mitigate them and strengthen your cyber resilience.
Cyber Security Certification and Achievements
We are committed to delivering a team that has the right knowledge, skills and experience to provide an exceptional level of service. Deloitte is CREST and CBEST certified and actively participated in the NATO Locked Shields exercise as the offensive red team. Our Netherlands team is also the reigning world champion (2016) of the Global CyberLympics, which it has won five times.
Maximize value for money for a tailored solution
We recognize that every organization is unique and requires a tailor-made solution. You can choose any combination of our services; feel free to contact us should you have any enquiries.