Cybersecurity Assessment

The auditing profession is an independent profession, which is frequently entrusted with performing audits and issuing independent assurance reports on the implementation of regulations, instructions or laws.

Assurance services include the Cybersecurity Assessment in banks, as the global business environment has become highly dependent on technology infrastructure, software and big data. Such an environment needs protection against cyberattack threats and risks. Therefore, these entities constantly seek to develop cyber protection frameworks for their technology environment in order to maintain business continuity. Further, the regulators, in particular the banking regulators, have issued resolutions and instructions regarding the minimum cybersecurity requirements.

Is Cybersecurity Assessment a mandatory requirement by any regulator in the State of Kuwait?

Yes, the Central Bank of Kuwait, as the regulator of the banking sector, has developed a strategic Cybersecurity Framework for Kuwaiti Banking Sector, which aims to create an integrated framework for addressing cyber risks. The Cybersecurity Framework comprises a set of initiatives. The third initiative covers the development of a guide for information security requirements and standards to be observed by local banks (this refers to all banks, including the Kuwaiti banks and the foreign banks authorized by CBK) and a cyber crisis management plan for cyberattacks in the banking sector, and requires local banks to assess inherent risks associated with protection levels of cybersecurity through an independent third-party auditor.

What is the objective of engaging an independent third-party auditor?

The objective is to assist the Boards of Directors in local banks to verify the adequacy and effectiveness of cybersecurity controls.

What are the criteria to be met by the independent third-party auditor?

They should have a specialist team providing cybersecurity assurance services. This specialization encompasses academic degrees, professional certifications, hands-on experience, and above all, the Central Bank of Kuwait's approval of such knowledge and credentials.

What is the permitted term of engagement of the third-party auditor to provide assurance services to the same bank?

The Cybersecurity Framework for Kuwaiti Banking Sector issued by the Central Bank of Kuwait indicates that the maximum term of engagement of the same independent third-party auditor shall be two years.

To whom does the independent third-party auditor submit the report on cybersecurity?

The Cybersecurity Framework for Kuwaiti Banking Sector issued by the Central Bank of Kuwait indicates that the auditor’s report should be presented to the Board of Directors, covering the findings raised in the independent third-party auditor’s report.

What is the frequency of the cybersecurity assurance report?

The Cybersecurity Framework for Kuwaiti Banking Sector issued by the Central Bank of Kuwait indicates that the cybersecurity assurance report shall be submitted on a quarterly basis.

What is the added value to business entities from Cybersecurity Assessment?

  1. Ensure compliance with regulatory requirements of the Central Bank of Kuwait.

  2. Enhance stakeholders’ confidence in the reliability of technology systems, ensuring the continuity of services.

  3. Ensure maintenance of information confidentiality and privacy of data relating to beneficiaries.

  4. Proactively manage risks associated with cyberattacks, enhancing the overall strategies of the entities.

What are the services offered by Baker Tilly in the Cybersecurity Assessment area?

Baker Tilly provides a set of cybersecurity related services, including the following:

  • Secure software lifecycle management

  • Security considerations for emerging technologies

  • Mobile banking security

  • Customer self-service machines

  • Contactless technology

  • Access control management

  • Cryptography

  • Change and release management

  • Capacity management

  • Data privacy and security

  • Email security

  • Portable device security

  • Reputation protection

  • Logging, monitoring and security incident management

  • Vulnerability management

  • Human Resource security

  • Security awareness and training

  • Physical and environmental security

  • Business continuity and Disaster recovery (BC and DR)

  • Cyber threat intelligence management

Why choose Baker Tilly to provide this service?

Baker Tilly is distinguished by specialist professional experience and offers the following characteristics that carry added value to our clients:

  • A global consulting firm operating in the State of Kuwait;
  • World-class laboratories equipped with state-of-the-art tools used for vulnerability assessment and cyberattack exposures;
  • Updated databases of automated systems enabling the cybersecurity assessment of any technology environment that a client adopts;
  • Local experience under an umbrella of a global network including more than 250 cybersecurity experts; and
  • Bilingual team