TCI’s financial industry experts slam ‘paper-based’ cybersecurity plans
TCI’s financial industry experts slam ‘paper-based’ cybersecurity plans
Publish Date: 2026-07-03 16:08:00
Source Domain: tcweeklynews.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
As organisations, industry leaders and regulators in the
financial services sector navigate the benefits and challenges of artificial
intelligence and cybersecurity risks, leaders were urged to fortify systems
against emerging threats.
What is cybersecurity, and why does
it matter?
According to Google, “Cybersecurity is the practice of
protecting digital systems, networks, devices, and sensitive data from
unauthorized access, cyber attacks, and damage. It involves a combination of
technologies, processes, and user awareness designed to keep information safe
and ensure business continuity.”
Preparing for these potential threats and strengthening
financial systems against them to ensure continuity formed the crux of a
blistering panel discussion on cybersecurity and business continuity at the
Turks and Caicos Islands Financial Services Commission’s Annual Industry
Meeting, held on Tuesday, 30 June at The Shore Club Resort, Providenciales.
Director of Information Technology at the FSC, Cathrice
Williams, said: “A plan is just a plan unless it’s put to the test.”
This blunt assessment set the tone for a spirited
engagement.
Experts on the panel dismissed the common practice of
organisations relying on static, consultant‑written incident response plans as
dangerously insufficient.
Jonathan Adie, Managing Director of Dataloch Tech, warned
local financial institutions: “The change in thinking now is people acknowledge
you’re going to have incidents, you are going to get attacked. It’s not a case
of if, it’s a case of when.”
Weighing in on the theme “Resilience by Design:
Governance, Cyber Readiness & Business Continuity for a Safer Financial
System”, local banking leadership and regulatory officials dissected why
many TCI firms are failing to build genuine resilience. They argued that the
issue is not solely a lack of policy, but also a lack of practice.
“Most companies in this room have never done any sort of
exercise,” Adie stressed, citing the failure of most business continuity plans
to survive even the first 90 minutes of a real‑world crisis.
The tech expert advocated for organisations to conduct what
he referred to as “threat penetration testing,” a far more aggressive standard
than typical vulnerability scanning, to expose structural weaknesses in a
firm’s network.
Echoing similar sentiments, Kenrick Walters, Director and
General Manager of Bordier Bank (TCI) Ltd., admitted that the local industry
has grappled with “copy‑and‑paste” compliance for years.
He said: “What we often find when we go into assessments or
firms on this island is that they do have quite good documentation… but
they’ve taken a policy from a consultant that’s literally just been copied and
pasted that isn’t fit for that particular organisation.”
Director of the Bank and Trust Department at the FSC,
Prudence Edwards, concluded that true resilience requires board‑level
accountability and argued that it is not an “IT problem” to be siloed away; it
is a fiduciary duty.
She stressed that without broad and active participation in
tabletop exercises and crisis simulations, the “resilience” claimed by many
firms is just a façade.