G7 cyber requirements are due in October

The G7 Cyber Expert Group has been developing guidelines on cybersecurity for the financial services industry for a year.

Standardized cybersecurity requirements for the financial services industry from the G7 are due for release in October, a working paper from the International Monetary Fund has stated.

According to the UK government’s policy paper on its participation, the requirements will be a non-binding strategy. The strategy covers developing multiple tailored cybersecurity protocols for specific risks, implementing governance infrastructure to enforce requirements at national and firm level, risk and control assessment, and the introduction of cybersecurity examinations in countries that do not have them. It also advises an effective response to any cyber breach.

There will also be guidance on monitoring industry-specific cyber threats and how national financial regulators can improve intelligence sharing on risks.

The G7 countries – Canada, France, Germany, Italy, Japan, the UK, and the US – each have a cyber risk policy, but the standard requirements aim to create a cohesive global response to cyber threats.

The US Securities and Exchange Commission recently examined firms on their cybersecurity risk practices. The regulator found that nearly all examined firms were conducting regular risk assessments of critical systems, penetration tests and vulnerability scans, and had a process in place to ensure regular system maintenance.

However, firms fell short in tailoring their policies to specific risks to their business, and some provided contradictory or confusing guidance to staff on cybersecurity.