3.3. Industry engagement
Recommendation 12. Foster mutual understanding of benefits of reporting
Financial authorities should engage regularly with FIs to raise awareness of the value and importance of incident reporting, understand possible challenges faced by FIs and identify approaches to overcome them when warranted.
Continuous engagement between financial authorities and FIs may help to develop a common understanding with regard to the framework and criteria for CIR, including CIR policy objectives. Discussions may also cover the legal and technical measures in place to protect information that is reported to financial authorities, including how and under what circumstances this incident information may be further shared. Financial authorities should consider periodically reviewing their CIR requirements and processes and incorporating feedback from FIs as appropriate. Such engagements could take place in the form of industry workshops and seminars, or dialogues with industry associations and FIs. Finally, sharing findings (in an aggregated and anonymised way) on cyber incident reports, i.e. on sectoral incident trends, could provide a beneficial feedback loop to FIs.
Recommendation 13. Provide guidance on effective CIR communication
Financial authorities should explore ways to develop, or foster development of, toolkits and guidelines to promote effective communication practices in cyber incident reports.
FIs may benefit from further guidance from authorities on effective practices in terms of the different types of reports associated with specific cyber incidents. Guidance could help improve the clarity of initial reporting. Guidance could also help standardise the quality of interim and final reporting when the reporting institution has more information (e.g. whether to include indicators of compromise or other more detailed information).