Why is cyber resilience important?

10 April 2018

Information technology has become deeply ingrained in our lives. From personal needs – buying a cup of coffee or sharing some family photos – to business tasks – like designing machinery or buying and selling shares – it is hard to imagine life without it. It makes society more connected and our economies richer, but it also comes with new risks.

What if something goes wrong? What if your pictures end up in the wrong hands? What if someone hacks your smartphone to steal money?

Risks like these are just as serious in the business world, including the financial sector. Cyberattacks can cost companies a fortune. They can bring down the power grid. They can pose a risk to the stability of the financial system. That is why it is so important that companies and organisations are prepared for, and equipped to deal with, such threats.

What does the ECB do to promote cyber resilience?

We take cyber threats very seriously. We continuously work to improve our defences so that we can protect our data and information systems. We develop strategies to deal with crisis situations, should an attack occur. And we work together with the EU national central banks to protect the European System of Central Banks – and its data – as a whole.

But it is not only our own cyber resilience we care about. We promote cyber security more widely, particularly in the financial sector.

For example, we cooperate with other EU institutions, such as the European Parliament, the Council and the Commission, as well as with other international organisations and financial institutions to share information, increase understanding of cyber risks and develop best practices for handling them.

As a regulator for market infrastructure – for example, payment and settlement systems – we set rules and best practices to ensure that individual institutions and providers have a strong level of cyber resilience.

In our role as banking supervisor, we ask the largest euro area banks to report significant cyber incidents as soon as they detect them. This helps us to identify and monitor trends in cyberattacks, so that we can react more swiftly to a potential crisis caused by a cyberattack. We are also developing specific IT risk management guidelines intended to help banks and financial institutions become stronger and better equipped to face cyber threats.

Whose responsibility is cyber resilience?

The ECB actively collaborates with many partners to increase awareness of cyber risks. However, just as we are all responsible for locking our own doors and windows at home, and if necessary installing security measures, companies, banks and public institutions are ultimately responsible for their own security. They need to make sure their security systems are up to date and keep themselves informed and alert about cyber threats – both for their own sake and for others.