What is cyber resilience?
Cyber resilience refers to the ability to protect electronic data and systems from cyberattacks, as well as to resume business operations quickly in case of a successful attack.
Why is it important?
Cyberattacks are a serious threat to each of us. Attackers could try to hack into a private computer or an organisation for economic gain or simply for demonstrative purposes, or they could be driven by the aim of causing damage and disruption.
This threat has to be taken seriously by banks, financial institutions, and financial market infrastructures (such as payment or settlement systems). But cyberattacks are not only a threat to individual institutions. Given the high level of interconnectedness within the financial sector, they can also pose a threat to the stability of the overall financial ecosystem.
The risk of cyberattacks is further accentuated by the high reliance of the financial system on digital technologies, the difficulty to protect against fast changing threats and because they are borderless.
It is therefore essential that banks, other financial institutions and financial market infrastructures, as well as central banks like the ECB, have an adequate level of cyber resilience to ensure their own protection as well as that of the entire ecosystem.
What does the ECB do?
Cooperate with EU national central banks
We work closely with all EU national central banks to ensure the confidentiality, availability and integrity of our own data. This helps to protect us and the Eurosystem as a whole against cyberattacks, limit the fallout in case of a data breach and ensure that we can continue to operate at all times.
Cooperate with other EU institutions
We work with other EU institutions, such as the European Parliament, the Council and the Commission. The EU Computer Emergency Response Team – or CERT-EU for short – is the centre point of these joint efforts. CERT-EU warns its members about new threats, provides testing and offers advisory services. It also supports its members when responding to cyberattacks. The response team is hosted by the Commission and financed by the participating institutions.
Encourage information exchange
We facilitate exchanges of security information among a global network of central banks and international financial organisations.
Promote cyber resilience among financial market infrastructures
One of the ECB’s tasks is to oversee financial market infrastructures – for example payment and settlement systems – as they are essential to the smooth functioning of the financial system as a whole. We set rules and best practices with the aim of ensuring that these infrastructures have a high level of cyber resilience. As part of this, the ECB has developed a European framework for ethical hacking. A financial company or organisation can request an authorised hacker to attempt to hack its systems in line with the guidance provided in the framework in order to test their resilience and identify any weaknesses.
Require banks to report major cyber incidents
ECB Banking Supervision has implemented a cyber-incident reporting framework. All significant institutions from the 19 euro area countries have to report significant cyber incidents as soon as they detect them. This enables our supervisors to identify and monitor trends in cyber incidents affecting significant institutions and to gain a deeper knowledge of the cyber threat landscape. It also puts us in a position to be able to react more swiftly to a potential crisis caused by a cyberattack.
Monitor banks’ IT risks
ECB Banking Supervision monitors how the banks under our supervision manage their IT risks. Most aspects of cyber security fall under this part of our supervisory activities, which include:
- continuous off-site supervision and risk assessments
- thematic and horizontal reviews of focus areas (e.g. cyber security, IT outsourcing, data quality)
- targeted on-site inspections (on IT risk areas in general, but also focused on IT security and cyber risk)
Work is ongoing to issue guidelines on IT risk management (including cyber risk) for significant credit institutions.
Participate in meetings and working groups
We take part in bilateral meetings and international working groups with a variety of stakeholders (overseers, supervisors and institutions, both inside and outside the EU) to ensure a coordinated approach to cyber risk.