Cybersecurity in Credit Reporting Guidelines

Current location： Home > Internaional Industry

Fontsize：Big Small Eyesight protective color：

The importance of credit reporting systems to the global financial system has been increasing over time. Robust credit reporting systems can promote not only access to affordable and sustainable credit for individuals and companies but also financial stability and economic growth. Credit reporting service providers (CRSPs) have been at the frontier of technology adoption to enhance their efficiencies as well as data acquisition, processing, and storage capabilities.

The credit reporting industry landscape has changed over the past decade with the adoption of new technologies and business models and the emergence of new players helping improve the speed of service provided and the quality and completeness of credit data. These positive changes in the credit reporting ecosystem, however, also present a source of risk for CRSPs. Several CRSPs have been subject to data breaches, denial-of service attacks, and phishing attacks, among other cyber incidents in the past decade. The incidents have resulted in severe financial, economic, operational, and reputational loss for the targeted organization and the industry at large. The implications can also be far reaching owing to increasing interconnectedness of the financial sector. Against this background, there is need for enhanced cybersecurity and data standards at the CRSP and jurisdiction levels.

This guideline provides findings of a landscaping survey conducted by the International Committee on Credit Reporting on CRSPs across the globe on current practices. The survey found that CRSPs worldwide generally were implementing cybersecurity practice. The survey also identified relevant key issues and characteristics. Based on the survey results, this guideline provides detailed guidance to CRSPs on managing cybersecurity and data privacy risk. The guidance focuses on the areas of strategy, governance, risk management, compliance, functional operations, technology operations, data privacy, awareness and education, information sharing and communications, and incident response and business continuity. In addition, it emphasizes the need to ensure a risk-based approach and proportionality in the application of the guideline. The guideline concludes by providing policy considerations that address some of the weaknesses identified in the survey. These recommendations are designed to enhance the security of national cyber space with respect to credit reporting.

Cybersecurity in Credit Reporting Guidelines.pdf

Source: World Bank