Welcome to this week's Black Arrow Cyber Tip Tuesday, this week Tony is talking about the new cyber rules that the GFSC have just released and which are now in force for regulated financial services firms in the Bailiwick.

The GFSC have now released the new cyber rules and all regulated financial will need to be able to demonstrate compliance with these new regulations.

The regulations are built around compliance or adherence to the internationally recognised NIST cyber security framework and the five pillars contained therein, being identify, protect, detect, respond and recover.

We can assist any firm by producing a gap analysis against the NIST standard, and therefore the GFSC rules, to identify any areas of non-compliance or areas where firms will need to bolster their existing security arrangements.

Remember that cyber and information encompasses a lot more than just IT but is rather requires a holistic approach across people, operations and technology.

Leaving this solely to your IT team or IT provider likely won’t provide the coverage the GFSC now expects from firms.

Remember too taking a proactive approach should always be about preventing an attack or breach, many firms do not survive a significant cyber event, and for those that do recovery invariably costs a lot more than it would have cost to put appropriate controls in place to prevent the breach happening in the first place.

Boards are expected to show good governance over cyber and information security as they would be expected to do with any older and longer established risks.

It is clear from the new rules that the GFSC also agree that the responsibility for cyber and information security clearly sits with Boards, not IT.

Talk to us today to see how we can help you demonstrate compliance or become compliant with the new GFSC cyber rules.