The Hong Kong Monetary Authority (HKMA) announced today (3 November 2020) the launch of an upgraded Cybersecurity Fortification Initiative (CFI) 2.0, following industry consultation.
The HKMA introduced the CFI in 2016, which aims to raise the cyber resilience of Hong Kong’s banking system. The initiative is underpinned by three pillars: the Cyber Resilience Assessment Framework (C-RAF), the Professional Development Programme (PDP), and the Cyber Intelligence Sharing Platform (CISP).
To cope with the fast-changing cybersecurity landscape, the HKMA has recently completed a holistic review of the CFI through market studies, interviews and surveys, followed by extensive industry consultation.
The results of the review show that the banking industry is strongly supportive of the CFI. Over 90% of banks found the C-RAF useful, especially in identifying previously unrecognised gaps. All the banks found the Intelligence-led Cyber Attack Simulation Testing (iCAST) helpful in preparing for cyber attacks.
Taking into account the industry’s feedback during the review, the CFI has been further enhanced with a view to streamlining the cyber resilience assessment process while maintaining effective control standards that are commensurate with the latest technology trends. The CFI 2.0 will come into effect 1 January 2021 and be implemented following a phased approach.
Mr Arthur Yuen, Deputy Chief Executive of the HKMA, said, “Since the launch of the CFI in 2016, the global cybersecurity landscape has continued to evolve and banks have undergone further digital transformation. We have therefore enhanced the CFI to reflect the latest trends in technology and incorporate recent developments in global cyber practices. Enhancements have also been made to facilitate the development of the local talent pool for better management of cyber security risk. We believe CFI 2.0 will raise the cyber resilience of the banking sector to an even higher level.”
Hong Kong Monetary Authority
3 November 2020