Summary of CySEC's Circular C512
Memo #24-2022
CySEC Circular No: C512
Date: 17/05/2022
Subject: Reporting of cyber-attack incidents
Purpose: To inform regulated entities that CySEC wishes to collect information on any cybersecurity incidents.
In Summary:
CySEC has issued the Circular C512 on 17/05/2022 to inform the Cyprus Investment Firms (‘CIFs’), UCITS Management Companies (‘UCITS MC’), Alternative Investment Fund Managers (‘AIFMs’) and Cyprus Stock Exchange Ltd, that CySEC wishes to collect information on any cybersecurity incidents, in order to further assess cybersecurity risks and take any required actions.
The risk of cyber-attacks is becoming more common and probable in recent years, due to various factors and developments.
CySEC notes that the information submitted by Regulated Entities will be exchanged with other EU National Competent Authorities (‘NCAs’) and the European Securities and Markets Authority (‘ESMA’) on an anonymous basis, so that other NCAs can identify potential related targets in their markets.
Regulated Entities are requested to report to CySEC, as of the date of this Circular C512, any cybersecurity incidents (both successful and unsuccessful attacks) which could generate disruptions. The characteristics of these incidents should be:
• Abnormal/extraordinary from the Regulated Entity’s scope, volume and level of sophistication.
• Using new means/techniques.
CySEC further notes that for the reporting, Regulated Entities should use the template which is attached on this Circular C512 and should file the relevant reports promptly, as soon as they become aware of these incidents, by emailing: cybersecurity.incident@cysec.gov.cy.
Read the CySEC Circular C512
Read more news at Regulatory News