{"id":22259,"date":"2022-12-19T15:05:37","date_gmt":"2022-12-19T14:05:37","guid":{"rendered":"https:\/\/optimiso-group.com\/?p=22259"},"modified":"2023-03-28T11:23:40","modified_gmt":"2023-03-28T09:23:40","slug":"finma-risk-monitor-2022-top-4-cyber-risks-controls","status":"publish","type":"post","link":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/","title":{"rendered":"FINMA Risk Monitor 2022 – Top 4 Cyber Risks controls"},"content":{"rendered":"

On 10.11.2022, FINMA published its 2022 Risk Monitor<\/a>. It provides an overview of what FINMA believes are the most important risks that supervised institutions are facing today. One of the key risks, amongst interest rate risk, credit risk, market risk, AML, and market access to Europe, are Cyber Risks<\/strong>.<\/p>\n

We would like to share with you the top 4 internal controls<\/a> regarding Cyber Risks you have to have in place as an asset manager<\/strong>, no matter whether you are operating under the direct supervision of FINMA or are subject to supervision by a supervisory organization (SOs).<\/p>\n

 <\/p>\n

\"risques<\/p>\n

 <\/p>\n

Control 1: Annual IT-Risk-Self-Assessment<\/strong><\/h2>\n

At least annually, ensure your IT-Responsible(s) carry out an IT-Risk-Self-Assessment. Ideally, this is required by your IT-Security Policy. The assessment should be carried out with a standardized questionnaire to track changes (improvements) over time. After completion, ensure the results are discussed with top management, action plans are developed and implemented in due time.<\/p>\n

Be aware that it also applies if you have outsourced your IT or any other services completely or partially. With respect to outsourced activities: make sure, you periodically review the IT-Security-Setup of your external partners. Their security issues might become yours very quickly. The best way to cover this task is to initiate a separate control covering your outsourcing risks (on-boarding, instructing \/review \/ monitoring, off-boarding of outsourcing partners).<\/p>\n

 <\/p>\n

Control 2: Annual Disaster-Recovery Test<\/strong><\/h2>\n

At least once a year, ensure you actually do carry out at least one properly designed and carefully planned disaster-recovery test (your BIA<\/em> can give you hints on what to look out for or what to test) with a complete protocol of events, findings and actions to be taken. Disaster-Recovery Plans look nice on paper, but can proof to be very useful.<\/p>\n

 <\/p>\n

Control 3: Review of IT-Security Policy<\/strong><\/h2>\n

At least annually, you should review your IT-Security Policy and potentially take into account findings from your IT-Risk-Self-Assessment and your Disaster-Recovery Test. For all your policies, set an expiry date. This forces you to review and reapprove them.<\/p>\n

 <\/p>\n

Control 4: Cyber Risk Awareness and Training<\/strong><\/h2>\n

At least every 6 months, ensure all your staff undergoes an IT-Security Awareness-\/Training session. In general, the weakest link in your IT-Security-Setup is human. Walk your team through your IT-Security-Policy, elaborate on past incidences, tell them how to report incidences, how to act if in doubt. Instead of the HR Departement, identify an expert to carry out these sessions.<\/p>\n

Also, make sure all your employees, in particular your executives are fully aware of the \u201cFINMA Guidance 05\/2020<\/a>\u201d (Duty to report cyber-attacks pursuant to Article 29 para. 2).<\/p>\n

In case you have outsourced your IT or any other services, ensure your outsourcing partners are aware of this FINMA guidance and fully understands its implications. It\u2019s your duty to properly instruct them.<\/p>\n

 <\/p>\n

\"risques<\/p>\n

 <\/p>\n

These four controls cover the basis. It\u2019s a good starting point for more elaborate, maybe more technical and process-oriented controls further down the line.<\/p>\n","protected":false},"excerpt":{"rendered":"

On 10.11.2022, FINMA published its 2022 Risk Monitor. It provides an overview of what FINMA believes are the most important risks that supervised institutions are facing today. One of the key risks, amongst interest rate risk, credit risk, market risk, AML, and market access to Europe, are Cyber Risks. We would like to share with […]<\/p>\n","protected":false},"author":6,"featured_media":22241,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_mo_disable_npp":"","footnotes":""},"categories":[121],"tags":[113,136],"class_list":["post-22259","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles-en","tag-internal-control","tag-risks"],"acf":[],"yoast_head":"\nFINMA Risk Monitor 2022 - 4 controls related to Cyber Risks<\/title>\n<meta name=\"description\" content=\"Following the FINMA Risk Monitor 2022, discover the 4 main controls related to cyber risks to be implemented tomorrow!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FINMA Risk Monitor 2022 - 4 controls related to Cyber Risks\" \/>\n<meta property=\"og:description\" content=\"Following the FINMA Risk Monitor 2022, discover the 4 main controls related to cyber risks to be implemented tomorrow!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/\" \/>\n<meta property=\"og:site_name\" content=\"Optimiso Group\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-19T14:05:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-28T09:23:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Fran\u00e7ois-R\u00e9gis Lafarge\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fran\u00e7ois-R\u00e9gis Lafarge\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/\"},\"author\":{\"name\":\"Fran\u00e7ois-R\u00e9gis Lafarge\",\"@id\":\"https:\/\/optimiso-group.com\/#\/schema\/person\/4a93bbfe4e52de7910640c3f612545d7\"},\"headline\":\"FINMA Risk Monitor 2022 – Top 4 Cyber Risks controls\",\"datePublished\":\"2022-12-19T14:05:37+00:00\",\"dateModified\":\"2023-03-28T09:23:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/\"},\"wordCount\":491,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/optimiso-group.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png\",\"keywords\":[\"internal control\",\"Risks\"],\"articleSection\":[\"Articles\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/\",\"url\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/\",\"name\":\"FINMA Risk Monitor 2022 - 4 controls related to Cyber Risks\",\"isPartOf\":{\"@id\":\"https:\/\/optimiso-group.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png\",\"datePublished\":\"2022-12-19T14:05:37+00:00\",\"dateModified\":\"2023-03-28T09:23:40+00:00\",\"description\":\"Following the FINMA Risk Monitor 2022, discover the 4 main controls related to cyber risks to be implemented tomorrow!\",\"breadcrumb\":{\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage\",\"url\":\"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png\",\"contentUrl\":\"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png\",\"width\":1000,\"height\":400,\"caption\":\"risques asset management\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/optimiso-group.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FINMA Risk Monitor 2022 – Top 4 Cyber Risks controls\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/optimiso-group.com\/#website\",\"url\":\"https:\/\/optimiso-group.com\/\",\"name\":\"Optimiso Group\",\"description\":\"Optimiso software turns your regulatory constraints into real benefits. Discover our simple and useful solutions for your projects related to internal organisation, ISO certifications, internal control and risk management.\",\"publisher\":{\"@id\":\"https:\/\/optimiso-group.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/optimiso-group.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/optimiso-group.com\/#organization\",\"name\":\"Optimiso Group\",\"url\":\"https:\/\/optimiso-group.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/optimiso-group.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/optimiso-group.com\/wp-content\/uploads\/2018\/03\/logo-optimiso-group.png\",\"contentUrl\":\"https:\/\/optimiso-group.com\/wp-content\/uploads\/2018\/03\/logo-optimiso-group.png\",\"width\":351,\"height\":177,\"caption\":\"Optimiso Group\"},\"image\":{\"@id\":\"https:\/\/optimiso-group.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/optimiso-group.com\/#\/schema\/person\/4a93bbfe4e52de7910640c3f612545d7\",\"name\":\"Fran\u00e7ois-R\u00e9gis Lafarge\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/optimiso-group.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/df285cbac769c2ada1c553ef2a78f681?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/df285cbac769c2ada1c553ef2a78f681?s=96&d=mm&r=g\",\"caption\":\"Fran\u00e7ois-R\u00e9gis Lafarge\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FINMA Risk Monitor 2022 - 4 controls related to Cyber Risks","description":"Following the FINMA Risk Monitor 2022, discover the 4 main controls related to cyber risks to be implemented tomorrow!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/","og_locale":"en_US","og_type":"article","og_title":"FINMA Risk Monitor 2022 - 4 controls related to Cyber Risks","og_description":"Following the FINMA Risk Monitor 2022, discover the 4 main controls related to cyber risks to be implemented tomorrow!","og_url":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/","og_site_name":"Optimiso Group","article_published_time":"2022-12-19T14:05:37+00:00","article_modified_time":"2023-03-28T09:23:40+00:00","og_image":[{"width":1000,"height":400,"url":"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png","type":"image\/png"}],"author":"Fran\u00e7ois-R\u00e9gis Lafarge","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fran\u00e7ois-R\u00e9gis Lafarge","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#article","isPartOf":{"@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/"},"author":{"name":"Fran\u00e7ois-R\u00e9gis Lafarge","@id":"https:\/\/optimiso-group.com\/#\/schema\/person\/4a93bbfe4e52de7910640c3f612545d7"},"headline":"FINMA Risk Monitor 2022 – Top 4 Cyber Risks controls","datePublished":"2022-12-19T14:05:37+00:00","dateModified":"2023-03-28T09:23:40+00:00","mainEntityOfPage":{"@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/"},"wordCount":491,"commentCount":0,"publisher":{"@id":"https:\/\/optimiso-group.com\/#organization"},"image":{"@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage"},"thumbnailUrl":"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png","keywords":["internal control","Risks"],"articleSection":["Articles"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/","url":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/","name":"FINMA Risk Monitor 2022 - 4 controls related to Cyber Risks","isPartOf":{"@id":"https:\/\/optimiso-group.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage"},"image":{"@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage"},"thumbnailUrl":"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png","datePublished":"2022-12-19T14:05:37+00:00","dateModified":"2023-03-28T09:23:40+00:00","description":"Following the FINMA Risk Monitor 2022, discover the 4 main controls related to cyber risks to be implemented tomorrow!","breadcrumb":{"@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#primaryimage","url":"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png","contentUrl":"https:\/\/optimiso-group.com\/wp-content\/uploads\/2022\/12\/langage-binaire.png","width":1000,"height":400,"caption":"risques asset management"},{"@type":"BreadcrumbList","@id":"https:\/\/optimiso-group.com\/en\/articles-en\/finma-risk-monitor-2022-top-4-cyber-risks-controls\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/optimiso-group.com\/en\/"},{"@type":"ListItem","position":2,"name":"FINMA Risk Monitor 2022 – Top 4 Cyber Risks controls"}]},{"@type":"WebSite","@id":"https:\/\/optimiso-group.com\/#website","url":"https:\/\/optimiso-group.com\/","name":"Optimiso Group","description":"Optimiso software turns your regulatory constraints into real benefits. Discover our simple and useful solutions for your projects related to internal organisation, ISO certifications, internal control and risk management.","publisher":{"@id":"https:\/\/optimiso-group.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/optimiso-group.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/optimiso-group.com\/#organization","name":"Optimiso Group","url":"https:\/\/optimiso-group.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/optimiso-group.com\/#\/schema\/logo\/image\/","url":"https:\/\/optimiso-group.com\/wp-content\/uploads\/2018\/03\/logo-optimiso-group.png","contentUrl":"https:\/\/optimiso-group.com\/wp-content\/uploads\/2018\/03\/logo-optimiso-group.png","width":351,"height":177,"caption":"Optimiso Group"},"image":{"@id":"https:\/\/optimiso-group.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/optimiso-group.com\/#\/schema\/person\/4a93bbfe4e52de7910640c3f612545d7","name":"Fran\u00e7ois-R\u00e9gis Lafarge","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/optimiso-group.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/df285cbac769c2ada1c553ef2a78f681?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/df285cbac769c2ada1c553ef2a78f681?s=96&d=mm&r=g","caption":"Fran\u00e7ois-R\u00e9gis Lafarge"}}]}},"_links":{"self":[{"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/posts\/22259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/comments?post=22259"}],"version-history":[{"count":0,"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/posts\/22259\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/media\/22241"}],"wp:attachment":[{"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/media?parent=22259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/categories?post=22259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/optimiso-group.com\/en\/wp-json\/wp\/v2\/tags?post=22259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}