BSP green-lights grand plan vs ‘diabolical’ cybercrimes
The Bangko Sentral ng Pilipinas activated a cyber resilience plan that covers BSP-supervised financial institutions for the next five years to combat cybercrimes that have become “more diabolical.”
The plan’s first goal is to establish “defined and coordinated” response protocols and plans that multiple industry players can follow when dealing with major cybersecurity incidents, according to the 2024-2029 Financial Services Cyber Resilience Plan (FSCRP) released on Tuesday.
Such a response protocol must cover—at a minimum—triggers for activation, escalation protocols and crisis communication, the BSP said.
The regulator also aims to develop scenario-based incident response playbooks on threats like data breaches, as well as explore the possibility of setting up an Industry Security Operations Center (SOC).
To ensure a smooth implementation, the BSP said the plan will be assessed at least quarterly to adjust priority actions.
”In an era where digital transformation is reshaping the financial landscape, robust cybersecurity measures have never been more critical,” BSP Governor Eli Remolona Jr. said.
“The FSCRP is our proactive response to the growing complexities of cyber threats,” Remolona added.
Based on reports submitted by BSP-supervised financial companies, 59.48 percent of cyber fraud losses in 2023 were due to account takeover, identity theft and phishing attacks. This was more than twice the level that was recorded in 2022.
The implementation of the FSCRP is expected to help build consumers’ trust in the financial system.
After successfully converting over half of retail payments last year to digital platforms, the BSP acknowledged that the next 20 percent “would equally be challenging, if not more challenging than the first 50 percent.”
To achieve that, the central bank said it would have to enhance anti-fraud defenses, among other steps.
Apart from creating response protocols, the FSCRP also seeks to formulate strategies to institutionalize and expand the sharing of cyberthreat intelligence across the financial community, including coordination and collaboration with other industry stakeholders.
The BSP also wants to mainstream cyber education and awareness programs for financial clients and increase the industry’s adoption of best practices and standards that covers all cybersecurity domains.
“Cyber threats are evolving at an alarming rate, becoming ever more diabolical. As financial institutions embrace digital innovation, we also become prime targets for cyber attacks,” Remolona said.
”These attacks not only threaten the disability of individual institutions but also pose systemic risks to the entire financial system and undermine the trust in the system,” he added.