The Dubai Financial Services Authority (DFSA) has published the Cyber Thematic Review Report 2022 (Report). The purpose of the Report is to summarise key findings from the Cyber Thematic Review (Review) the DFSA launched in January 2022. The Review was designed to assist in determining:
- the status of areas that the Cyber Thematic Review Report 2020 identified as needing improvement;
- the degree to which Authorised Firms, Authorised Market Institutions and Registered Auditors (collectively referred to as Firms) have implemented the DFSA Cyber Risk Management Guidelines (Guidelines); and
- the current maturity level of Firms’ cybersecurity frameworks.
The Review identified that Firms have made material improvements in most of the assessed control areas but that all 14 key findings from the Cyber Thematic Review Report 2020 continue to require Firms’ attention. The Review noted that while the overall application of the DFSA Cyber Risk Management Guidelines is improving with most Firms implementing the recommended governance and hygiene guidelines, less implementation was identified in resilience practices. Finally, the review also noted an improvement in the maturity level of Firms’ cybersecurity frameworks.
Ian Johnston, Chief Executive of the DFSA commented, “Digital transformation continues to be a focus for the financial services industry, fast-tracked by the Covid-19 pandemic. It is important that firms prioritise a strong cyber infrastructure in line with the UAE National Cybersecurity Strategy. While we are pleased to see that many companies have adopted cyber security best practices over the last year, there is still room for further progress, and we look forward to continued engagement with firms to ensure they are shielded against cyber threats and have proper response and recovery frameworks in place.”