ECB Cyber Test Finds Banks Need Improvement

The European Central Bank warned Friday that eurozone banks have “room for improvement” in cyber security, starting with how they would recover from a hack

In response to an increase in cyber attacks, some of which may have been motivated by geopolitical factors, the European Central Bank implemented its inaugural cyber risk stress test.

The test results were released one week following a global technology disruption that affected various sectors, including finance.

As part of the exercise, 109 banks were instructed to provide a detailed plan to respond to and recover from a successful cyber-attack. This plan included the activation of emergency procedures and the restoration of normal operations.

The ECB subsequently reviewed the submissions and provided each bank with specific recommendations as part of its annual supervisory assessment. Capital requirements would not be affected by this.

In a blog post, ECB supervisor Anneli Tuominen stated, “The stress test results are insightful and demonstrate that, despite the existence of high-level response and recovery frameworks in banks, there is still room for improvement.”

Banks have been instructed to enhance their backup procedures, examine external providers more closely, and ensure business continuity following a breach, among other recommendations.

In a press release, the European Central Bank (ECB) stated that banks have either already made improvements or have plans to address the deficiencies identified during the exercise.

28 of the 109 institutions participating in the stress test were chosen for a more comprehensive exercise, including an on-site inspection and an actual recovery exercise.

The European Central Bank (ECB) refrained from disclosing the names of the institutions examined and provided only a limited amount of information regarding the sector’s precise vulnerabilities. The reason for this was to prevent hackers from gaining an advantage.

It is expected to determine whether or not to conduct additional experiments of this nature by the end of the year. Financial supervisors in Denmark and Britain have conducted similar cyber exercises.

The European Central Bank (ECB) stated that the 113 banks it supervises experienced a significant increase in “cyber incidents” during the latter half of last year. The ECB attributed this increase to “heightened geopolitical tensions,” likely to reference Russia’s invasion of Ukraine.

It also reiterated its warning that numerous institutions were utilizing “aging IT systems” and were relying more heavily on third-party providers.