European Systemic Risk Board to Evaluate Systemic Cyber-security Risk

Shearman & Sterling LLP
Contact

Shearman & Sterling LLP

The European Systemic Risk Board has published a report on cyber-security risk, which it has identified as a source of systemic risk to the global financial system. The report notes that the increased digitalization and interconnectedness of the global financial system makes it heavily reliant on ICT infrastructure and vulnerable to cyber attacks. The report provides an overview of key regulatory and industry initiatives aimed at combatting cyber risk, which include: (i) the 2019 International Organization of Securities Commissions’ Cyber Task Force report on cyber regulation; (ii) the European Banking Authority’s Guidelines on management of information and communication technology and security risks; and (iii) the European Securities and Markets Authority’s 2020-2022 Strategic Orientation, which establishes the dangers of cyber threats as an area of focus for ESMA and the other European Supervisory Authorities.
 
The ESRB’s report establishes a model for analyzing cyber-security risk and finds that vulnerabilities to cyber-security risk at an individual firm level can be caused by factors such as: (i) insufficient industry oversight of third-party suppliers; (ii) poor cyber-security hygiene; (iii) ineffective testing of people and technology; (iv) lack of investment in cyber-security threat intelligence; and (v) firm scale and resources which may have a negative effect on cyber-related risk management. Cyber-security risk is different from many other types of operational risk because of how fast and widely cyber attacks can be propagated and the fact that many cyber attacks are designed to cause disruption to the financial system. Loss of confidence in the financial system following a cyber attack could result if large financial losses ensue, potentially risking a systemic crisis. Going forward, the ESRB intends to explore options to mitigate cyber-security systemic risk, including appropriate planning and preparation for cyber attacks by authorities, improved awareness of the need for, and investment in, protection against cyber attacks by financial institutions and involvement of central banks to utilize their tools to help combat cyber-security risk.
 
View the ESRB's report on systemic cyber risk.
 
View details of IOSCO's Cyber Task Force report on cyber regulation.
 
View details of the EBA's Guidelines on the management of information and communication technology and security risks.
 
View details of ESMA's 2020-2022 Strategic Orientation.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Shearman & Sterling LLP | Attorney Advertising

Written by:

Shearman & Sterling LLP
Contact
more
less

Shearman & Sterling LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.