Capital markets sector vulnerable to cyber attacks; AFM makes recommendations

The AFM regards cyber risks as one of the important operational risks for capital market institutions. Not only is the number of cyber attacks increasing, their disruptive impact is also growing. Cyber-attacks can seriously damage business continuity. Together with the capital market sector, the AFM is working to further strengthen cyber resilience. The AFM will intensify this in the coming years, including in the context of new European legislation, the Digital Operational Resilience Act – DORA.

Self-assessment survey of capital market institutions

The self-assessments of the 14 capital market institutions (pdf, 2,3 mb)contain the latest observations on IT and cyber risk. The institutions include trading platforms, Proprietary traders and Clearing and settlement firms.

Recommendations

In response to the self-assessments, the AFM makes a number of recommendations for the capital market sector, including having and maintaining a cyber incident plan. The AFM also reminds market participants that not only their own information systems should be adequately secured, but also those of the cyber supply chain.

Preparations for DORA

In line with the recommendations, the financial sector will have to make preparations for DORA in the coming years. This new set of rules oversees uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector. The aim is to increase the sector’s digital operational resilience. DORA will come into force in 2025.