The Securities and Exchange Commission, SEC, has advocated the need for a robust strategy to mitigate cyber risk which poses significant threat to market confidence, integrity and efficiency.
The SEC said that cyber risk poses a significant threat to market confidence, integrity and efficiency.
Director General of the Commission, Mr. Lamido Yuguda who said this during the Central Securities Clearing System Cyber Securities conference recently, stated that the importance of Cybersecurity to the financial sector needs to be underscored because people’s hard-earned income and other financial instruments are saved and invested in it.
According to him, “In the Nigerian capital market, we clearly take issues on cybersecurity very serious due to the increasing volume of data and information that are stored electronically, coupled with the increased adoption of digitization and digitalization options in processing market transactions on daily basis.
“Today, more of our market activities are conducted through the use of technology than ever before. While this has significantly raised efficiency levels, it has introduced our market’s exposure to a new set of risks, including cybersecurity risk, which we must recognize and manage.
The DG said that the experience of the Covid-19 pandemic, which necessitated the activation of business continuity plans through remote operations has further increased the rate at which stakeholders embrace technology and underscores the critical need to protect our systems from existing and potential threats that are present in cyberspace.
Yuguda stated that cyber-attacks on financial institutions are often with the aim of gaining access to sensitive and confidential information for illicit financial gains. With the increased interconnectivity among financial institutions, a cyber-attack from one location or entity may have an impact on the entire system, thereby compromising the functions and safety of several sectors of the economy.
It is in this regard he stated, that the Securities and Exchange Commission (SEC) appreciates the efforts of the Federal Government of Nigeria, through the Office of the National Security Adviser, in developing the National Cybersecurity Policy and Strategy 2021.
“The Policy is focused on achieving its objectives through strengthening cybersecurity governance and coordination;protection of critical National Information Infrastructure;enhancing cybersecurity incident management; strengthening legal and regulatory framework; enhancing cyber defence capability; promoting a thriving digital economy; and enhancing international cooperation among others.
“In November 2021, the capital market community received updates from the Office of the National Security Adviser (NSA) at a workshop it sponsored for the Capital Market, and a detailed presentation on the national cybersecurity policy was also made at the Capital Market Committee (CMC) meeting in the fourth quarter of 2021.
“The International Organization of Securities Commissions (IOSCO) to which Nigeria is a full member, has also done considerable work in making its members aware of the increasing risks around Cybersecurity. The IOSCO Board has provided guidance through its ‘Guidance on Cyber Resilience for Financial Market Infrastructures’ report, indicating the various plans or measures that industry stakeholders could adopt to ensure cybersecurity.
“It encourages regulated entities to adopt practices that are appropriate to their unique functions. Nevertheless, it notes that these should cover the identification of critical assets, protection measures and controls to enhance security, detection of abnormal activity or patterns, response plans in the event of an attack, and recovery plans to resume operations.
He disclosed that the SEC Nigeria is developing policy and regulatory responses to emerging cyber risks in its Rules and Regulations on capital market activities and products that leverage technology, as well as in the Minimum Operating Standards for capital market operators, for which clear provisions for cybersecurity have been made.
He stated that “Due to the importance of data protection, the Federal Government created the Nigeria Data Protection Bureau (NDPB) in February 2022. The NDPB has issued a Compliance Notice introducing the National Data Protection Adequacy Programme (NaDPAP) which guarantees every citizen of Nigeria a Right to Privacy. This is one of the concerted efforts by the NDPB to create more awareness on the obligations of Data Controllers/Processors under the NDPR, 2019.
“Therefore, awareness and action at the national level should spur the various sectors of the economy to protect themselves from cyber threat by ensuring that they adhere to either industry standards or national policy carefully”.
In further recognition of the role technology will continue to play in the markets, the DG disclosed that the Commission is set to release its Guidelines on Minimum Operating Standards for Information Technology for Capital Market Operators (CMOs). The guidelines will cover, among other important areas, the Computing Environment, Information Technology/Information Systems Management and Governance, IT Business Continuity and Disaster Recovery.
He assured that the Commission through these Guidelines will encourage the establishment of an Information Security and Cybersecurity Policy to be in place to form part of the Enterprise IT Policy of capital market intermediaries, platforms and other financial market infrastructures.
“Within the guidelines, we expect stakeholders to conduct regular penetration tests at least annually to detect vulnerabilities and check the resilience of their networks and systems to threats and malicious activities.
“Cybersecurity is a critical issue for the financial sector, and the capital market is up to the task of ensuring that it provides the necessary safety nets for investors and stakeholders” he added.
Yuguda therefore stated that the CSCS has come a long way and today stands as a pillar in our market given the fact that it is a critical and technology-driven market infrastructure, it is not only appropriate but well placed for it to organize discussions around cybersecurity.