Joint Standard 2 of 2024: Cybersecurity and cyber resilience - regulations take effect 1 June 2025

We have had a number of queries regarding the new Joint Standard - Cybersecurity and cyber resilience regulations.

I reached out to the FSCA regarding the timelines to application.

These concerns echo the same concerns raised during the consultation phase in 2023. Concerns as to the timelines to implementation were raised by #MMI #SAIA #Batseta #Guardrisk #ASISA?#JSE #SAIS - the response from the FSCA was:-

"Due to the nature of cyber risk, it would not be feasible or responsible to delay the?implementation of this Joint Standard longer than 12 months.?"

Urgency

If you were a child waiting for your birthday in June next year, it would seem impossibly far away, however in the world of Information Technology and in the realm of Cyber Security it does seem an impossibly short timeline. Cyber Security is by nature highly structured, heavily governed in terms of process and compliance. For light entertainment plug in "Plan the implementation of a new standard of cyber security" into ChatGPT - you will receive a six point plan including the below:

ChatGPT is by no means definitive, but as an aggregation of multiple content sources, it is useful in starting point to ensure you include everything that is commonly included.

What is underlines to me is that the task at hand is extensive, touching multiple areas - Business, Governance and Compliance, Security and Information Technology. This is a complex task , both in terms of the breadth, but also the depth of analysis required.

Over the next few weeks I am going to loop back to the standards themselves, and unpack areas that will be impacted.

Link to the documents on the Reserve Bank website.

#SARB #SouthAfricanReserveBank #PrudentialAuthority #Cybersecurity #Cyberresilience #Techsurve