Related Articles
Europe’s top financial supervisor is to launch its first test of how the sector would respond to a serious breach of its cyber defences after an increase in attacks against the region’s banks following Russia’s invasion of Ukraine.
The European Central Bank will ask all major lenders in the eurozone to detail by next year how they would “respond to and recover from a successful cyber attack”, its head of supervision said on Thursday.
“We know that there has been a significant increase in cyber attacks,” Andrea Enria told Lithuanian newspaper Verslo žinios. “We cannot apportion this to any specific source, but it is a fact that the number of these attacks has increased since the war [in Ukraine] started.”
Enria said rising concern about the risk of cyber attacks meant the ECB was launching “a thematic stress test on cyber resilience” designed to provide “a better understanding of where the banks’ strengths and weaknesses are”.
The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it supervises to assess how they would react. Enria said it would have the results by the middle of next year.
Worries about the vulnerability of Europe’s financial system to disruption by hackers have intensified after a ransomware attack on Ion Markets, an Ireland-based financial data provider, disrupted parts of the vast derivatives market this year. The attack was claimed by LockBit, a group believed to be based in Russia that recently attacked Royal Mail, the UK postal service.
Fabio Panetta, an executive board member at the ECB, said this week that the hack at Ion Markets “shows how an attack on one software provider may cascade on to their clients”. While the wider fallout was limited in this case, Panetta said: “We cannot ignore scenarios where the attacks could have propagated quickly, disrupting the financial system.”
The ECB’s cyber stress test follows similar exercises by other financial authorities. The Bank of England launched a “voluntary cyber stress test” in 2021 to model the impact of an attack on the payments system.
The Federal Reserve conducts regular “joint cyber security examinations” of the biggest US banks with other relevant authorities. The Fed said last year it was “closely monitoring” how Russia’s full-scale invasion of Ukraine and other geopolitical events could lead to a “potential increase in cyber attacks that may impact critical infrastructure including the financial services sector”.
ECB supervisors are monitoring the growing reliance of banks on third-party service providers, as they could be vulnerable to cyber attacks that have a knock-on effect across the financial system. For example, banks rely heavily on big US technology companies such as Amazon and Microsoft to provide cloud computing services.
“Many banks are outsourcing critical functions, either to other companies in their group or to external providers, third-party providers of services, which are often located in other jurisdictions — sometimes in Russia itself, sometimes in India or other jurisdictions across the globe,” Enria said.
Source link
