THE BANGKO SENTRAL ng Pilipinas (BSP) has launched a framework to enhance cyber resilience in the financial services sector.
The 2024-2029 Financial Services Cyber Resilience Plan (FSCRP) will serve as “the primary framework covering the high-level goals and strategies that aim to deepen the industry’s overall cyber resilience and maturity,” the central bank said.
“Our plan is not just a response to the threats we face, but a proactive strategy to anticipate and mitigate future risks,” BSP Governor Eli M. Remolona, Jr. said at the launch of the FSCRP on Tuesday.
“It’s our commitment to creating a robust, secure, and resilient financial system that can withstand cyber incidents and recover quickly from them,” he added.
The plan aims to create and promote defined and coordinated incident response protocols and mechanisms, active sharing and collaboration, strong cybersecurity culture and awareness, as well as holistic cybersecurity best practices and standards.
Some initiatives under the framework include establishing baseline industry incident response plans, developing scenario-based incident response playbooks and conducting industry-wide cyber testing exercises, according to the central bank.
It also seeks to expand and improve the Bankers Association of the Philippines’ Cybersecurity Incident Database, create cyber education programs, and push for policy reforms on digital security controls, among others.
“Cyber threats are evolving at an alarming rate, becoming ever more diabolical. As financial institutions embrace digital innovation, we also become prime targets for cyberattacks,” Mr. Remolona said.
Central bank data showed that nearly 60% of cyber fraud losses reported by BSP-supervised financial institutions (BSFIs) in 2023 was due to account takeovers, identity theft and phishing. This was also more than double the percentage reported in 2022.
The finance and insurance industry was the top most attacked sector in 2018 and 2020, and ranked second from 2021 to 2022, the BSP said, citing the IBM X-Force Threat Intelligence Index report.
“These attacks not only threaten the disability of individual institutions but also pose systemic risks to the entire financial system and undermine the trust in the system,” Mr. Remolona added.
The plan will be reviewed on a quarterly basis, the BSP said.
A council will also be established to oversee the implementation of the plan, which will include board and senior level officials from industry associations, BSFIs and senior management of the central bank. — Luisa Maria Jacinta C. Jocson
