Hong Kong Economic and Trade Office, USA
Hong Kong
News Release

The following is issued on behalf of the Hong Kong Monetary Authority:

HKMA launches Cybersecurity Fortification Initiative 2.0


For more information, please contact

Melissa Ng in New York City: (212) 752 3320
Wing Yan Tong in San Francisco: (415) 835 9315

Daniel McAtee in Washington, D.C.: (202) 238 6360

November 3, 2020 - The Hong Kong Monetary Authority (HKMA) announced today the launch of an upgraded Cybersecurity Fortification Initiative (CFI) 2.0, following industry consultation.

The HKMA introduced the CFI in 2016, which aims to raise the cyber resilience of Hong Kong's banking system. The initiative is underpinned by three pillars: the Cyber Resilience Assessment Framework (C-RAF), the Professional Development Programme (PDP), and the Cyber Intelligence Sharing Platform (CISP).

To cope with the fast-changing cybersecurity landscape, the HKMA has recently completed a holistic review of the CFI through market studies, interviews and surveys, followed by extensive industry consultation.

The results of the review show that the banking industry is strongly supportive of the CFI. Over 90 per cent of banks found the C-RAF useful, especially in identifying previously unrecognized gaps. All the banks found the Intelligence-led Cyber Attack Simulation Testing (iCAST) helpful in preparing for cyber attacks.

Taking into account the industry's feedback during the review, the CFI has been further enhanced with a view to streamlining the cyber resilience assessment process while maintaining effective control standards that are commensurate with the latest technology trends. The CFI 2.0 will come into effect January 1, 2021 and be implemented following a phased approach.

Mr Arthur Yuen, Deputy Chief Executive of the HKMA, said, “Since the launch of the CFI in 2016, the global cybersecurity landscape has continued to evolve and banks have undergone further digital transformation. We have therefore enhanced the CFI to reflect the latest trends in technology and incorporate recent developments in global cyber practices. Enhancements have also been made to facilitate the development of the local talent pool for better management of cyber security risk. We believe CFI 2.0 will raise the cyber resilience of the banking sector to an even higher level.”

2021 © | Important notices       Privacy policy      Accessibility                                                                                                                                                    Last Revision Date: January 5, 2021


Web For All W3C Web Accessibility initiative    
This website adopts web accessibility design and conforms to the World Wide Web Consortium (W3C) Web Content Accessibility Guidelines (WCAG) 2.0 Level AA standard. Should you have any enquiries or comments on its accessibility, please contact us by phone or email.