EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Building a cybersecurity framework
CIMA’s new cybersecurity rule arrives amid an increasing wave of breaches, particularly ransomware exploits. The Rule, which came into effect on 27 November 2020, will help companies prepare for the growing threats by mandating annual cybersecurity risk assessments, the designation of a senior cybersecurity officer, and other policies and provisions.
“The Rule encourages a cross-functional approach to cybersecurity that goes beyond IT,” said Anil Persad, EY Caribbean Cybersecurity Leader. Companies are already assessing the Rule’s organizational impacts and making adjustments as needed, but they need to move with more agility. Even the largest companies in the world have been unable to avoid cybersecurity incidents, which have exposed hundreds of millions of highly confidential records (including user accounts and credentials) and brought severe reputational and financial backlash. Across the Caribbean islands, financial institutions, government entities and others have recently been compromised, and some have been subjected to ransomware attacks.
“Employees and former employees can be the biggest threats,” said Persad. He told the roundtable that, on average, three months pass between a cyberattack and its detection, a duration that has persisted for years. “Given that kind of time, an undetected insider can do a lot of damage.”