Hubbis: The first key observation raised by the discussion was the acknowledgement of the potential for poor risk culture to contribute to occurrences of cyber incidents. Members of the Cyber Security Advisory Panel (CSAP) advised that the board and senior management of financial institutions should set clear expectations for cyber risk culture, and subsequently monitoring and assessing how well the desired risk management culture is operating across the organisation.