What do we mean by ‘resiliency’?
It includes:
Cybersecurity policies and procedures that reflect guidance from regulators
Robust vendor management as vendors are a common cyber threat vector
Identifying and protecting the most important assets, the “crown jewels”
Conducting periodic vulnerability assessments and compromise assessments
Comprehensive business continuity processes
Tested incident response planning, including proactive communication with authorities
Education and training of employees, the C-Suite and board of directors
Most importantly, a firm must demonstrate a commitment to continuous improvement to address the evolving landscape of threats and regulations