Preparing for the DFSA’s Cyber Resilience Assessment

The DFSA implemented Cyber Risk Management rules in January 2024. These rules set out the DFSA’s expectations for all authorised firms to maintain a cyber risk management programme that reflects the nature, scale, and complexity of their business in the DIFC. Compliance with the rules has been mandatory for all DFSA-registered firms from January 2024.

On 30 June 2026, the DFSA issued a Dear SEO Letter informing firms it is launching an annual self-assessment survey on cyber risk management practices. The purpose of this annual assessment is to enable the regulator to understand and evaluate the cybersecurity risk management practices of authorised firms.

With responses due by 24 July 2026, firms should use this opportunity to validate their cyber governance, identify gaps in their risk management framework, remediate issues, and gather supporting evidence for future DFSA risk assessments.

To support firms in both understanding and implementing the DFSA’s rules on cyber risk management, our UAE regulatory professionals from ACA Effecta are holding a webcast in collaboration with ACA Group’s cybersecurity specialists. This session examines what the DFSA is looking for during this exercise, highlights common challenges firms face in meeting the DFSA’s cyber expectations, and shares practical guidance to help you prepare submissions with confidence.

Discussion Topics

  • Understanding the 2026 DFSA Cyber Risk Self-Assessment and what it signals about the regulator’s supervisory priorities
  • Practical guidance on completing the assessment and avoiding common pitfalls
  • Managing third-party, outsourcing, and cloud risks in line with DFSA expectations
  • Identifying control gaps and using the assessment to strengthen your cyber risk framework
  • What to expect after submission and how to prepare for potential DFSA follow-up

Who Should Attend

Senior Executive Officers, Chief Compliance Officers, Chief Risk Officers, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, operational risk professionals, internal audit and IT governance teams, board members responsible for cyber resilience and operational resilience

Speakers

  • Aaron Pinnick, Senior Manager, Thought Leadership, ACA Group
  • Jade Ashpole, Managing Director, ACA Effecta