Hong Kong’s Cybersecurity Fortification Initiative 2.0 can boost financial sector resilience

With great digitalization comes great cyber-resilience: the revised initiative is expected to facilitate smoother compliance and transitions.

The Hong Kong Monetary Authority (HKMA) has announced the second iteration of the Cybersecurity Fortification Initiative (CFI), which includes enhancements aimed at streamlining the cyber-resilience assessment process while maintaining effective control standards that commensurate with the latest technology trends. The CFI 2.0 will come into effect on 1 Jan 2021 and be implemented following a phased approach.

Originally launched in 2016, the CFI was meant to increase Authorized Institutions’ (AIs) cyber resilience and the overall banking stability of Hong Kong. The C-RAF, a risk-based framework for AIs required by the HKMA, has therefore been established to facilitate Ais to assess their own risk profiles and benchmark the level of defense and resilience required to accord appropriate protection against cyberattacks.

One cybersecurity firm has come out in support of CFI 2.0. Palo Alto Network’s Managing Director (Hong Kong and Macau) Wickie Fung feels the enhanced initiated will prevent cyberattacks, fortify customer data protection, and standardize cybersecurity in the Hong Kong financial sector.

Four years earlier, the firm had set up a C-RAF task force with expertise in security and operations, cloud, networks and infrastructure to assist organizations through the cyber-resilience assessment process. Resources are being put in place to help the industry and AIs through smooth transitions.

“The long-term and forward-looking approach taken by the HKMA is highly commendable as the introduction of a standardized approach to security will benefit the entire financial sector and may also act as a benchmark for other sectors. With our vision for a world where each day is safer than the one before, Palo Alto Networks looks forward to partnering with AIs to secure their digital transformation in this continually-evolving cybersecurity landscape,” said Fung.

The banking sector in the territory has undergone considerable change in recent years, including digital transformation, the adoption of public and private clouds, and the licensing of virtual banks. But as financial institutions produce, process and store sensitive customer data more than ever before, investment needs to be made to prevent this data from falling into the wrong hands, Fung noted.