18 Oct 2023
TIP Report 2023
Cyber security is a shared responsibility, and we take a co-operative approach to address cyber threats by engaging with Firms and all other stakeholders on this important topic. We apply a four point approach to cyber risk supervision as follows
Cyber security is a shared responsibility. Therefore, we engage with Firms, other regulators and professional associations. We understand that our involvement is essential for building cyber security awareness among Firms and we take a proactive approach to sharing knowledge, enhancing stakeholders awareness and supporting Firms in building their cyber resilience.
Our engagement approach includes outreach sessions and roundtable discussions dedicated to cyber security topics. It also includes engaging relevant institutions in cyber simulations that help them to test their response to cyber incidents and assess their cyber resilience.
We encourage Firms to cooperate and share information. To this effort, we maintain mechanisms for Firms to report cyber incidents to the DFSA and separately for Firms to share information with the DFSA, and amongst each other. In January 2020, the DFSA launched the DFSA Threat Intelligence Platform (TIP). It is the first financial services regulator-led cyber threat intelligence platform in the region, delivered in collaboration with leading government entities the Dubai Electronic Security Centre (DESC), the National Computer Emergency Response Team for the UAE (aeCERT). An independent cybersecurity specialist firm was appointed to manage and operate the platform and cybersecurity experts were engaged to contribute to TIP. The platform is available at no cost to all DFSA Authorised Firms. Regardless of size, all Firms play an important role in building a secure cyber environment for Firms and their clients. We encourage all Authorised Firms to register with TIP through the DFSA ePortal (make "ePortal" a link to the DFSA ePortal).
Our main objective is to support Firms to become more resilient to cyber threats. Therefore, we evaluate and monitor cyber risk in the centre and collect information about cyber incidents to assist us in better understanding the regional cyber risk landscape.
A risk assesment is a fundamental element of evaluation of cyber risk and includes Firm-specific desk-based and onsite risk assessments, self-assessments, and thematic reviews. The results of our assessment work are used to evaluate Firms’ cyber maturity levels and to tailor our actions towards mitigating cyber risks in the DIFC. We also collect information from Firms through various reporting obligations and use this information to inform our supervisory activities.
From time to time, and as appropriate, we publish Rules and guidance to prescribe particular cyber security systems and controls and guidance to help Firms build stronger cyber resilience. We also engage in internal and external trainings to maintain our awareness of emerging cyber risks and supervision methodologies as well to develop a sustainable pool of cyber supervision resources.
For better web experience, please use the website in portrait mode