The Financial Markets Authority (FMA) has again urged financial services providers to prioritise cyber resilience, reminding them it’s mandatory to notify the regulator of any material breaches. 

FMA issued the reminder as Cyber Smart Week, an annual awareness campaign by the country’s Computer Emergency Response Team (CERT NZ), commenced last week. CERT NZ is a key component of New Zealand’s cyber security strategy. 

“In cyber risk, prevention is better than cure. The FMA encourages all financial service providers to understand cyber threats and to ensure their systems are resilient to best protect themselves and their customers,” FMA Executive Director of Response and Enforcement Paul Gregory said. 

“It is important that entities encourage their staff to better understand the cyber risk and to be aware of the materials provided by CERT NZ and the FMA to best protect their businesses and their customers.” 

Licensed financial services provides such as insurers are required to notify the FMA of any event that materially impacts the information security of their critical technology systems, which can be caused by cyber-related incidents. 

A 2019 thematic review of cyber resilience in FMA-regulated entities found most participants were aware of the increasing cyber security risk and assessed themselves as being highly capable of protecting against, and recovering from, such threats. 

However, participating entities did not rate themselves highly in terms of detecting and responding to cyber threats. Participants also predicted that their cyber resilience was generally expected to improve over the following two years.