Cyber Resiliency Is a Mandate for Banks in Indonesia
FTI Consulting's Simon Onyons on How Banks Need to Approach the New Regulations
Banks must rethink their risk management approach in order to be more cyber resilient, says Simon Onyons, managing director, EMEA, cybersecurity with FTI Consulting. The Financial Service Authority in Indonesia recently issued new cybersecurity requirements for the banking industry in the country, calling for better risk management practices.
"The key thing here is around the risk management approach, and that is kind of the heart of this regulation," Onyons says. "The regulators want banks to conduct assessments of cyber risks, and it really has to start with the assets that banks hold. In some of these organizations, they have grown significantly over time through acquisitions. They have moved from traditional banking to fintech, so asset identification can be a challenging thing to do."
Onyons says banks should start their risk management journey by understanding what they have and what they want to protect, the vulnerability of each asset in terms of location and configuration, and the critical servers the assets are running on.
In this interview with Information Security Media Group, Onyons also discusses:
- The primary highlights of the new cybersecurity requirements as mandated by the financial regulator;
- How banks must meet the new requirements;
- The gaps in the current regulations.
Onyons has more than two decades of information technology and cybersecurity experience, most recently in the area of finance regulation. He currently serves as a senior adviser to the U.K. National Cyber Security Center, where he works on the NCSC Advisory Group to support the NCSC Industry 100 initiative to improve cyber resilience across the U.K.