Across the globe, and in the Cayman Islands, cyber-attacks are increasing in frequency and sophistication. The Financial Services sector is a key target, and there are many well-publicized cybercrime cases involving Financial Institutions. Cybercriminals are becoming more sophisticated, and the cost of cybercrime is becoming increasingly intolerable. The stakeholders – including boards, regulators, investors, analysts, business partners, and customers – expect greater visibility into an organisation’s cybersecurity risk management programmes.
In light of the growing cyber threats to the financial industry, the Cayman Islands Monetary Authority (CIMA) published its Rule and Statement of Guidance – Cybersecurity for Regulated Entities on May 27, 2020. The Guidance will come into effect on November 27, 2020. It requires all CIMA-regulated entities to establish a cybersecurity program, develop cybersecurity policies and procedures, and designate a Senior Officer who oversees the cybersecurity framework and has access to the governing body.
The ultimate goal of the Guidance is to ensure that entities regulated by CIMA establish a robust cybersecurity program and comply with related requirements. The Guidance prescribes specific requirements to ensure appropriate cybersecurity programs are in place. Regulated entities should implement the Guidance in proportion to their cyber risk profile (size, nature and complexity of their business), following an appropriate assessment of their cyber risks. Each entity is required to assess its particular risk profile and design a program that robustly addresses such risks.
The CIMA Guidance emphasizes that regulated entities must have robust cybersecurity measures in place and be able to identify, protect against, detect, respond to and recover from cybersecurity-related threats, incidents and breaches. Broadly speaking, the requirements in the Guidance fall under four main pillars: Governance, Secure, Vigilant and Resilient.
Every entity is at a different place when it comes to the maturity of its cybersecurity risk management program. Moreover, the nature and magnitude of cyber risks are continuously evolving, and so are the practices for staying ahead of these threats. That’s why it’s essential to understand where you stand today by proactively performing a compliance readiness assessment and addressing the gaps it identifies.
To learn more, download our full POV on this page, and contact our experts with any related questions.
CIMA resources
CIMA’s Statement of Guidance – Cybersecurity for Regulated Entities
CIMA’s Rule – Cybersecurity for Regulated Entities
Insight 2: Section 5 - General Guidance
Insight 3: Section 6 - Cybersecurity Framework
Insight 4: Section 7 - Cybersecurity Risk Management
Insight 5: Section 7 - Cybersecurity Risk Management (cont'd)
Insight 6: Section 8 - Review of the Information Systems and Cybersecurity Framework
Insight 7: Section 9 - IT Systems Control and Use of the Internet
Insight 8: Section 10 - Accountability
Insight 9: Section 11 - Intra-Group
Insight 10: Section 12 - Employee Selection, Training and Awareness
Insight 11: Section 14 - Data Protection
Insight 12: Section 13 - IT Outsourcing Arrangements
Insight 13: Section 13 - IT Outsourcing Arrangements (cont'd)
Insight 16: CIMA Rules and Statement of Guidance are a reality. Is your organisation ready?