Perspectives 2019 2020 Public Sector

Citi Perspectives 85 From Security to Resilience: Taking Cyber from the Realm of the IT Experts Into the World of Holistic Risk Management and Making It a Global Public Good Peter Sullivan Charlotte Branfield Cyber resilience enables us to foster financial inclusion and innovation while protecting consumers and their data. It is a critical part of the private and public sectors’ shared responsibility in ensuring the financial sector’s safety and soundness — a prerequisite for sustainable economic growth and social development. This motivated Citi to become an Official Partner of Commonwealth Cyber Declaration — the world’s largest intergovernmental agreement on promoting cyber resilience, across all sectors and members of the Commonwealth. The Declaration seeks to address one of the most pressing global issues of our time: Empower digitization, e-commerce, and innovation, while ensuring a free, open, and safe Internet. On 2 July 2019, in support of the Commonwealth Cyber Declaration, Citi ran simultaneously, a multi- country, strategic-level pilot exercise lasting four hours across six African countries, in partnership with Immersive Labs, the IMF, World Bank. Participants included central banks, domestic information sharing organizations, the critical local banks, mobile money service providers, stock exchanges, clearing houses, and telecommunication firms. The strategic nature of the exercise, focusing on fictitious global and local banks impacted by malware, explored the decisions leaders would need to consider, including market dependencies, connections, communication and escalation protocol, as well as the impact to the international and domestic payment flows. Earlier this year, Benoît Cœuré, Chair of the Committee on Payments and Market Infrastructures (CPMI) and Member of the Executive Board of the European Central Bank (ECB), spoke of “cyber resilience as a global public good.” His statement is a timely call to action, and helps elevate cyber from the world of IT experts to the wider context of economic, market, and enterprise risk management.