TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Enabling cyber risk disclosures to drive financial resilience
Cyber risk disclosures should be an integrated requirement in banks' annual reports in light of the significant rise in cybercrimes during the pandemic, especially those targeting the banking industry.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Stock illustration of hacking (Shutterstock/File)
The COVID-19 pandemic is an external shock and banks across the world have been helping to fund emergency response efforts. As the pandemic continues with no one knowing when it will end, banks must continue to address obstacles to retain profitability, maintain future financial resilience and avoid the risk of cyberattacks.
As the 2021 COVID Crime Index reported, cybercrimes were the most significant element impeding or affecting financial institutions and their customers between March 2020 and March 2021 that resulted in financial losses.
Due to banks’ reliance on information and their essential role in the credit intermediation process, the banking industry has been a major target of cybercrimes. This made it imperative for the industry to identify, assess, manage and report all forms of risks so they could be used to make better decisions.
The Standing Advisory Group of the nonprofit Public Company Accounting Oversight Board (PCAOB) also considered the potential consequences of cybersecurity on financial reporting and audits. As a Group of 20 member, Indonesia also issued a regulation on cyber incident response and recovery through the Financial Services Authority (OJK).
The components are nearly identical to those found in the Financial Stability Board (FSB) toolkit as defined by OJK Regulation No. 38/2016 on Implementation of Technology and Information Risk Management by Banks, which was amended by OJK Regulation No. 13/2020 and OJK Circular No. 21/2017.
As part of its regular assessment of operational risks, the OJK also assesses banks’ information technology systems that have been involved in cyber incidents. Unfortunately, there is no specific requirement that cybersecurity risks or incidents be disclosed in annual reports.
The increasing complexity and digitalization of the banking industry has the potential for cyber risks that can disrupt banking performance. The more a system is based on intangibles, the more vulnerable it is, so the organization’s financial performance is unstable and risks being nonresilient.
