The survey, which was completed by 129 firms both on a mandatory and voluntary basis, also revealed the top five threats perceived by companies to be unintentional and deliberate information leaks, fraud, malicious code, and social engineering attacks.

cyber_security_survey.png

Pictured: The JFSC’s cyber-security survey revealed these as the top five threats as perceived by its respondents.

The JFSC undertook the survey to establish the overall maturity of local financial businesses’ cyber security practices. The regulator identified a cross-section of 75 licensed firms which were required to complete the survey, with a further 54 volunteering to respond to the survey’s 42 questions. 

John Harris, JFSC Director General commented: “The frequency, sophistication and impact of cyber-attacks is increasing so it is vitally important to ensure that Jersey has, and maintains, a reputation for sound cyber-security. We do not explicitly regulate local firms’ cyber-security practices but we do monitor how companies are assessing and mitigating risks to their businesses, and we expect them to notify us if a cyber incident has taken place.

“On the whole, the findings of our survey were mainly positive. The areas of concern are the relatively large proportion of firms that are yet to make cyber-security a business priority and the significant number that are not implementing controls around third parties, such as contractors, suppliers and customers.”

cybercrime_john_harris.jpg

Pictured: John Harris says it is “vitally important to ensure that Jersey has… a reputation for sound cyber-security.”

Darren Boschat, Head of Supervisory Risk added: “The findings of our survey very much reflects the results of a recent UK Government survey. We approached a wide spectrum of firms both in terms of size and regulated sectors which naturally led to a spread in the level of cyber-security maturity.

“While we recognise that the results are not necessarily representative of the industry as a whole, overall they do suggest that Jersey’s financial services sector has a reasonably high level of cyber-security maturity, albeit developing. It is positive to note that more than two thirds of those companies surveyed do expect to spend more money on cyber-security in the coming year so it is clearly becoming more of a priority.”

Following the results of the survey, the JFSC is now developing further its own cyber-security strategy as well as training its supervisors in order to better oversee and monitor local firms in this regard. The JFSC will also provide some guidance on where to seek further help for firms who find themselves subject to an incident.