Cybersecurity for Financial Industry: An Analysis of the Cyber Resilience Assessment Framework

CONTENTS

PREFACE
EXECUTIVE SUMMARY
1. THE CYBER RESILIENCE ASSESSMENT FRAMEWORK (C-RAF)
   Introduction
   Cybersecurity Assessment
   C-RAF and Other Cybersecurity Assessment Frameworks
2. INHERENT RISK ASSESSMENT (IRA)
   Overview
   Survey Result
   Survey Result – by size
   Indicator and Sub-domain Analysis
   Analysis by Service Provision
   Hierarchical Clustering
   Factor Analysis
   Inherent Risk Analysis: Summary
3. MATURITY ASSESSMENT (MA)
   Overview
   Survey Result
   Controls and Sub-Domain Analysis
   Responses IRA: Low Cybersecurity Staffing Risk for High-risk AIs
   Maturity Assessment: Summary
4. INHERENT RISK AND MATURITY
   Overview
   Domain Comparison
   Inherent Risk and Maturity Analysis Summary
5. C-RAF AND REAL-LIFE MEASURES
   SSL Certification Adoption
   Suboptimal Certification Adoption
   Time-series Analysis
   C-RAF and Real-life Measures: Summary
CONCLUSION
APPENDIX
