DFSA | THE INDEPENDENT REGULATOR OF FINANCIAL SERVICES

Supervisory Framework

Cyber security is a shared responsibility, and we take a co-operative approach to addressing cyber threats by engaging with Firms and all other stakeholders on this important topic. We apply a four-point approach to cyber risk supervision, as follows:

Engage

Cyber security is a shared responsibility. Therefore, we engage with Firms, other regulators and professional associations. We understand that our involvement is essential for building cyber security awareness among Firms, and we take a proactive approach to sharing knowledge, enhancing stakeholders' awareness and supporting Firms in building their cyber resilience.

Our engagement approach includes outreach sessions and roundtable discussions dedicated to cyber security topics. It also includes engaging relevant institutions in cyber simulations that help them to test their response to cyber incidents and assess their cyber resilience.

Collaborate

We encourage Firms to cooperate and share information. To this end, we maintain mechanisms for Firms to report cyber incidents to the DFSA and, separately, for Firms to share information with the DFSA and amongst each other. In January 2020, the DFSA launched the DFSA Threat Intelligence Platform (TIP). It is the first financial services regulator-led cyber threat intelligence platform in the region, delivered in collaboration with leading government entities: the Dubai Electronic Security Centre (DESC) and the National Computer Emergency Response Team for the UAE (aeCERT). An independent cybersecurity specialist firm was appointed to manage and operate the platform, and cybersecurity experts were engaged to contribute to TIP. The platform is available at no cost to all DFSA Authorised Firms. Regardless of size, all Firms play an important role in building a secure cyber environment for Firms and their clients. We encourage all Authorised Firms to register with TIP through the DFSA ePortal.

Evaluate

Our main objective is to support Firms to become more resilient to cyber threats. Therefore, we evaluate and monitor cyber risk in the centre and collect information about cyber incidents to assist us in better understanding the regional cyber risk landscape.

Risk assessment is a fundamental element of evaluating cyber risk and includes Firm-specific desk-based and onsite risk assessments, self-assessments, and thematic reviews. The results of our assessment work are used to evaluate Firms’ cyber maturity levels and to tailor our actions towards mitigating cyber risks in the DIFC. We also collect information from Firms through various reporting obligations and use this information to inform our supervisory activities.

Guide

From time to time, and as appropriate, we publish Rules and guidance to prescribe particular cyber security systems and controls, as well as guidance to help Firms build stronger cyber resilience. We also engage in internal and external training to maintain our awareness of emerging cyber risks and supervision methodologies, as well as to develop a sustainable pool of cyber supervision resources.

Useful links

DFSA ePortal: Cyber Incident Notification Form

Thematic Reviews: DFSA Cyber Thematic Review 2020

G7 report: G7 Fundamental Elements of Cybersecurity for the Financial Sector

DFSA TIP: January 2020 launch event

DFSA TIP: Threat Intelligence Platform

DFSA TIP: Registration form

DFSA TIP: Threat Intelligence Workshop
