The European Systemic Risk Board has published a report on cyber-security risk, which it has identified as a source of systemic risk to the global financial system. The report notes that the increased digitalization and interconnectedness of the global financial system makes it heavily reliant on ICT infrastructure and vulnerable to cyber attacks. The report provides an overview of key regulatory and industry initiatives aimed at combatting cyber risk, which include: (i) the 2019 International Organization of Securities Commissions’ Cyber Task Force report on cyber regulation; (ii) the European Banking Authority’s Guidelines on management of information and communication technology and security risks; and (iii) the European Securities and Markets Authority’s 2020-2022 Strategic Orientation, which establishes the dangers of cyber threats as an area of focus for ESMA and the other European Supervisory Authorities.
The ESRB’s report establishes a model for analyzing cyber-security risk and finds that vulnerabilities to cyber-security risk at an individual firm level can be caused by factors such as: (i) insufficient industry oversight of third-party suppliers; (ii) poor cyber-security hygiene; (iii) ineffective testing of people and technology; (iv) lack of investment in cyber-security threat intelligence; and (v) firm scale and resources, which may have a negative effect on cyber-related risk management. Cyber-security risk is different from many other types of operational risk because of how quickly and widely cyber attacks can be propagated and the fact that many cyber attacks are designed to cause disruption to the financial system. If large financial losses ensue from a cyber attack, a loss of confidence in the financial system could result, potentially risking a systemic crisis. Going forward, the ESRB intends to explore options to mitigate cyber-security systemic risk, including: appropriate planning and preparation for cyber attacks by authorities; improved awareness of the need for, and investment in, protection against cyber attacks by financial institutions; and the involvement of central banks in using their tools to help combat cyber-security risk.