On 26 September 2024, the European Central Bank (ECB) issued a paper which outlines how the European framework for threat intelligence-based ethical red teaming – the TIBER-EU framework – can help Member State competent authorities (NCAs) and financial entities fulfil the threat-led penetration testing (TLPT) requirements in the Digital
Cybersecurity
The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack
On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation (GDPR).
The Firm was the victim of a ransomware attack which it first became aware of on…
The HKMA issues guidance on use of artificial intelligence by banks
In response to the growing use of artificial intelligence (AI) by banks, the Hong Kong Monetary Authority (HKMA) has provided guidance to the banking industry on the use of AI applications. These are high level principles (set out briefly below) which banks are expected to take into account when designing and…
The SFC issues guidance on the use of external electronic data storage
The Securities and Futures Commission (the SFC) has issued a circular (the Circular) to licensed corporations (LCs) on the use of external electronic data storage providers[1] (EDSPs) and updated the frequently asked questions on the premises for business and record keeping in light of the Circular.
In addition…
What Australian financial institutions need to know about cybersecurity and responding to cyber-attacks
It has been 3 months since Australia’s Notifiable Data Breach Scheme (NDB Scheme)[1] came into force and, already, the Office of the Australian Information Commissioner (OAIC) is receiving many notifications of cyber-attacks and other data breaches – both voluntarily and under the NDB Scheme.
We will see even greater awareness…