Cyber attacks are an increasing concern for e-commerce and the financial industry. The Cyber Resilience Framework (C-RAF) is one of the three pillars designed by the Hong Kong Monetary Authority (HKMA) to raise internet safety and assess risks in authorized financial institutions (AIs) to establish more effective preventative measures.
The five main analyzed factors in C-RAF include technology, delivery channel, tracked record on cyber threats, products and technology services, and organization characteristics. It is widely believed that technology tends to pose a higher risk level for AIs. However, research and adjustments to our assessment have revealed that delivery channel and organization characteristics pose more risks. These factors contribute to many security loopholes that frequently become the Achilles heel of AIs’ security systems.