/ Lead Resource — 2026 Edition

The DFSA & FSRA Cyber Readiness Checklist.

A 38-point self-assessment for DIFC and ADGM authorised firms. Identify the gaps before your examiner does.

Two cyber rule sets now bind every financial firm in the UAE's financial free zones.

DFSA Cyber Risk Management Rules (GEN 5.5) took effect 1 January 2024 and apply to every DIFC-authorised firm, registered auditor, credit rating agency and authorised market institution.

FSRA Cyber Risk Management Rules (GEN 3.5) took effect 31 January 2026 and apply to every ADGM Authorised Person and Recognised Body.

Both regulators expect a documented framework, named senior accountability, board-level oversight, incident response readiness, third-party cyber risk management, and rapid notification of material incidents — within 24 hours under FSRA GEN 3.5.18, and "without undue delay" under DFSA GEN 5.5.17.

What you get

38-point self-assessment across 8 control domains
Red / amber / green scoring system you can complete in 90 minutes
Score interpretation guide — what each band means and what to do next
Written for compliance officers and senior management, not just IT
Branded 6-page PDF, instant email delivery

If you score green on fewer than 30 of the 38 items, you are not in a defensible position for a thematic review or a live incident. Most firms self-assess at 20–25 green on first pass.

Used by DIFC and ADGM compliance officers, MLROs, SEOs, and operations leads ahead of licence renewal, thematic review preparation, and board governance refresh.

PDF · 6 pages · instant download

Request the checklist.

The licence category field qualifies your firm. We use it to send you the relevant follow-up note — nothing more.

Name Work email Firm name Licence category

We email the PDF instantly. We do not sell, share, or rent your details. Unsubscribe in one click. See our Privacy Policy.