QCB's cyber security program provides Qatar's financial sector with 'unique visibility' on cyber risks, threats

With the emergence of cyber-attacks on financial institutions and the threat that it holds towards financial stability of the system, Qatar Central Bank (QCB) has established a dedicated cyber security function to guide financial institutions and help them in protecting the underlying information infrastructure from potential threats, and maintain a high level of cyber resilience.

This function focused at developing the fundamental elements of a cyber-security program, starting with the governance component among six key domains of cyber security pillars, the QCB said in its 10th Financial Stability Review (FSR).

These key domains include governance, threat intelligence, security operations, security architecture, risk management, and cyber security capabilities development.

This comprehensive cyber security program, QCB said, will provide it and the financial sector with a “unique visibility” on cyber risks and threat actors.

As part of this programme, QCB is collaborating with different stakeholders including some academic institutions to share knowledge and experience in the cyber security field.

Furthermore, as part of the threat intelligence, and risk management domains, the cyber security section gathers data on a monthly basis to identify the level of risk at different financial entities.

Key Risk Indicators (KRIs) are identified to keep the financial institutions aware of the new threats and unknown vulnerabilities, which will help to reduce the likelihood of these risks affecting the financial institutions.

These steps, the QCB said, are directed to ensure that the cyber security posture of the financial institutions in Qatar keeps continuously improving, which results in enhancing the level of financial stability in Qatar. It also enables the key decision makers in QCB to obtain consolidated view of the security position and execute the information security plans more efficiently.

This integrated security organisation will capitalise on the cyber security development and develop further optimum regulatory requirement and effective technical measures to maintain the stability of the financial sector.

In terms of contingency planning, the QCB has been working on strengthening business continuity practices in banks and other financial institutions by overseeing current practices and processes and setting new business continuity requirements.

This will ensure Qatar’s financial sector is "sufficiently resilient" to face any threat or risk, the QCB’s Financial Stability Review said.