Europe | Resilience in banking, also in the realm of cyber risks

Cybersecurity has become a strategic priority for the main global bodies responsible for ensuring financial stability, as well as for banking authorities in the European Union (EU).

Key points

• Key points:
• This drive to address cyber risks is part of the authorities' growing focus on the operational risks to which financial institutions are exposed, with their implications for financial stability. This momentum has also come from the sharp increase in cyber incidents, with banking being one of the sectors most heavily exposed to cyber risks.
• A few weeks ago, the ECB published the results of its first cyber resilience stress test for 109 European banks (out of the 113 institutions directly supervised by the ECB), with two levels of analysis: a standard analysis and an additional, more exhaustive analysis, of 28 institutions.
• This exercise does not measure banks' ability to prevent cyberattacks, but rather focuses on assessing how they respond and their ability to recover. The results, mainly qualitative, have been communicated to the banks at an individual level, with a specific report and recommendations.
• These results will be part of the annual supervisory review and evaluation process (SREP) for 2024, which assesses the risk profile of each institution. However, in this case, and unlike traditional financial stress tests, the cyber stress results will not affect banks' capital requirements.
• Thus, by supporting resilience in the world of cyber risks, progress is made toward a more stable banking sector, with a solid technological foundation. This will allow it to continue with its digital transformation, a vital process in which the sector is immersed in order to improve its efficiency and competitiveness.

Authors

Geographies

Topics

Tags