A G7 working group this week released a set of nonbinding principles to align cyber incident response and recovery approaches for the financial sector among its member nations.
The principles outlined in the policy paper authored by the G7 Cyber Expert Group – chaired by the U.S. Treasury Department and the Bank of England – are not regulatory expectations, according to the paper’s authors. Rather, they seek to facilitate greater compatibility among different approaches while still allowing flexibility and tailoring to national, sector and organizational needs.
“Since major cyber incidents increasingly have a global character, effective cyber incident response and recovery are ever-more dependent on a collective response,” the paper states. “This includes cooperation, both domestically and across borders, between financial authorities, financial entities and their relevant third-party service providers, as well as with actors from other sectors, including government authorities.”
Among other things, the paper calls on countries to establish mechanisms and procedures to ensure efficient incident coordination, and to establish a crisis communication strategy to ensure timely and effective messaging to relevant stakeholders in the event of an incident.
