Licensees should ensure that appropriate resources are allocated to the cyber security risk management function for implementing the cyber security framework.