On 19 October 2020, the Financial Stability Board (FSB) published a toolkit of effective practices for financial institutions’ cyber incident response and recovery (CIRR). The toolkit draws on the feedback from a public consultation process, including four virtual outreach meetings. The report was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting.

The toolkit includes 49 practices for effective CIRR across seven components: (i) governance, (ii) planning and preparation, (iii) analysis, (iv) mitigation, (v) restoration and recovery, (vi) coordination and communication, and (vii) improvement. The toolkit is composed as a resource and reference guide for effective practices using common cyber-taxonomies in a manner aligned to industry standards accessible to senior management, board of directors or other governance or compliance, risk and legal professionals that interface with cyber security technical experts within their organisation.

The toolkit is not intended to create an international standard, or constitute standards for organisations and their supervisors. It is not a prescriptive recommendation for any particular approach. The toolkit is designed as a range of effective practices that any organisation can choose from, based on its size, complexity and risks.

Earlier this year we updated our popular online briefing note, Cybersecurity: Not just an IT issue, but a regulatory one too. The briefing note is here.