Scribd Logo
Upload

Welcome to Scribd!

  • C512 To Regulated Entities Regarding Cyber Attack Incidents

    Uploaded by

    Alexander Ivanov
    6 views2 pages
    The Cyprus Securities and Exchange Commission (CySEC) issued a circular to regulated entities regarding reporting of cyber attack incidents. CySEC wants to collect information on any cybersecurity incidents affecting regulated entities in order to assess cybersecurity risks and targets in the market. Regulated entities are requested to promptly report any abnormal or extraordinary cyber attacks, using a template, by emailing the incidents to CySEC. The reported information will be anonymously shared with other EU authorities.

    Original Description:

    C512 to Regulated Entities Regarding Cyber Attack Incidents

    Original Title

    C512 to Regulated Entities Regarding Cyber Attack Incidents

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The Cyprus Securities and Exchange Commission (CySEC) issued a circular to regulated entities regarding reporting of cyber attack incidents. CySEC wants to collect information on any cybersecurity incidents affecting regulated entities in order to assess cybersecurity risks and targets in the market. Regulated entities are requested to promptly report any abnormal or extraordinary cyber attacks, using a template, by emailing the incidents to CySEC. The reported information will be anonymously shared with other EU authorities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views2 pages

    C512 To Regulated Entities Regarding Cyber Attack Incidents

    Uploaded by

    Alexander Ivanov
    The Cyprus Securities and Exchange Commission (CySEC) issued a circular to regulated entities regarding reporting of cyber attack incidents. CySEC wants to collect information on any cybersecurity incidents affecting regulated entities in order to assess cybersecurity risks and targets in the market. Regulated entities are requested to promptly report any abnormal or extraordinary cyber attacks, using a template, by emailing the incidents to CySEC. The reported information will be anonymously shared with other EU authorities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    TO : Regulated Entities:

    i. Cyprus Investment Firms (‘CIFs’)


    ii. UCITS Management Companies (‘UCITS MC’)
    iii. Alternative Investment Fund Managers (‘AIFMs’)
    iv. Cyprus Stock Exchange Ltd

    FROM : Cyprus Securities and Exchange Commission


    DATE : 17 May 2022
    CIRCULAR NO : C512
    SUBJECT : Reporting of cyber-attack incidents

    The Cyprus Securities and Exchange Commission (‘CySEC’) wishes herein to collect information
    on any cybersecurity incidents, in order to further assess cybersecurity risks and take any
    required actions. In particular:

    1. The risk of cyber-attacks is becoming more common and probable in recent years, due to
    various factors and developments. Such factors/developments include the increased
    appetite for investments in virtual products, the increase in the number of digitalized
    processes due to the covid-19 pandemic, the reliance on group IT arrangements for
    investment firms that are part of a large group and the geopolitical situation in Ukraine.

    2. Taking the above into consideration, and in order to support the monitoring and mitigation
    of this risk, CySEC wishes to collect information on any cybersecurity incident affecting
    Regulated Entities, in order to assess potential related targets in the market and take
    preventative/mitigating measures. Additionally, the collection of information will allow
    CySEC to collectively assess whether and how cyber risk is evolving in the market.

    3. The information submitted by Regulated Entities will be exchanged with other EU National
    Competent Authorities (‘NCAs’) and the European Securities and Markets Authority (‘ESMA’)
    on an anonymous basis, so that other NCAs can identify potential related targets in their
    markets.

    4. Therefore, Regulated Entities are requested to report to CySEC, as of the date of this circular,
    any cybersecurity incidents (both successful and unsuccessful attacks) which could generate
    disruptions. The characteristics of these incidents should be:
    • Abnormal/extraordinary from the Regulated Entity’s scope, volume and level of
    sophistication.
    • Using new means/techniques.
    5. For this reporting, Regulated Entities should use the template which is attached here and
    should file the relevant reports promptly, as soon as they become aware of these incidents,
    by emailing: cybersecurity.incident@cysec.gov.cy.

    Yours sincerely,

    Dr. George Theocharides


    Chairman of the Cyprus Securities and Exchange Commission

    You might also like