The Board and senior management of the licensees must ensure that effective risk management practices are in place to address cyber security risks and that cyber security controls are periodically evaluated taking into account industry best practices and emerging cyber threats.