Cyber Risk Management Frameworks for the South African Banking Industry

Abstract

Since the dawn of technology, the banking industry has relied on technology to support its operations. Unfortunately, the banking industry has been exposed to cyber risks as a result of the same technology, which has resulted in enormous financial losses. South Africa has the world's third-highest number of cyberattacks, with the banking industry being the most targeted. As a result, it is critical for the banking industry in South Africa to implement effective cyber risk management procedures. The South African Reserve Bank (SARB) requires that these procedures be aligned to the cyber resilience guidelines of the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO). The CPMI–IOSCO cyber resilience guidance provides guidelines that should be addressed by a bank's cyber risk management framework. The aim of this research is to determine if the Improving Critical Infrastructure Cybersecurity (ICIC) framework addresses the CPMI–IOSCO cyber resilience guidelines. The results were gathered by examining the ICIC framework and mapping it against the CPMI–IOSCO cyber resilience guidelines. It was revealed that, the ICIC framework addresses up to 71% of the CPMI–IOSCO cyber resilience guidelines