Summary of DFSA Cyber Thematic Review 2024

The DFSA conducted a Cyber Thematic Review in alignment with its regulatory objectives and 2024 supervisory priorities.

This Review assessed the Cyber risk management frameworks of Authorised Firms, Market Institutions, and Registered Auditors, focusing on governance, hygiene, and resilience. The Review aimed to evaluate:

  1. The maturity of firms' Cyber risk management frameworks.

  2. Compliance with DFSA Cyber Risk Management Rules (effective January 2024).

  3. Growth in maturity since the 2022 Cyber Thematic Review.


Background

The DFSA introduced Cyber Risk Management Guidelines in 2020, transitioning these into mandatory Rules in the General Module of the DFSA Rulebook in 2024. These guidelines and Rules were developed to enhance firms' compliance and maturity in Cybersecurity practices, addressing inadequacies identified through previous supervisory activities.


Key Findings

While notable progress has been achieved, gaps remain in several areas requiring further focus to enhance cyber resilience.


Next Steps

The DFSA expects firms to:

  • Assess the Review’s findings and implement necessary measures.

  • Align their Cyber risk management frameworks with their operations' scale and complexity.

The DFSA will continue to:

  • Conduct firm-specific Cyber risk assessments to evaluate compliance and maturity.

  • Perform periodic thematic reviews to monitor growth in Cybersecurity practices.

  • Host events to raise Cybersecurity awareness and promote best practices.

This review underscores the DFSA’s commitment to strengthening Cyber resilience within DIFC. Firms are urged to proactively enhance their frameworks and comply with the mandatory rules to mitigate Cyber risks effectively.


J.Awan & partner’s specialist Cybersecurity risk management practice team can conduct independent Cyber assessments on behalf of firms to allow them to meet the DFSA requirements. Our risk team is already helping firms with the following:

  • SVF (Stored Value Facility) Assessments under CBUAE

  • Internal Audit / National Electronic Security Authority (NESA) Assessments

  • ADGM Assessments

  • Local Cyber regulatory assessments in KSA and Oman

 

For more information, please contact our specialist Risk team at erv.melgo@azakaw.com or mark@jawanpartners.com.
