The Financial Stability Board has published a progress report on the activities and work plan of its Cyber Incident Response and Recovery working group. The working group was established in 2018 with a mandate to develop a toolkit of practices for financial institutions and authorities in preparing for and dealing with cyber incidents.
The toolkit focuses on establishing practices that firms can implement to respond to and recover from cyber incidents. Accordingly, the practices proposed by the working group proposes will fall into two categories - "Respond" and "Recover". The working group proposes that the key components of responding to a cyber-attack should be response preparation, assessment, mitigation and communications, while recovery from an attack includes recovery preparation, restoration, interconnections and communications. The practices the working group develops to assist in responding to and recovering from attacks will be based upon these key components.
Development of the toolkit has been split into two phases - the first, running from January 2019 through October 2019, will include a review by the working group of historic responses to cyber incidents and surveys of work by other international bodies, guidance issued by national authorities and perspectives from external stakeholders on industry practices in relation to cyber-related incident response and recovery. The results of this phase will be discussed at the working group's meeting on October 2 - 3, 2019. The second phase will focus on drafting the toolkit and obtaining further feedback from external stakeholders via a public consultation document to be issued in early 2020.
The working group aims to publish the final toolkit in September 2020.
View the FSB's Progress Report.