ECB Urges European Banks to Enhance Cybersecurity Measures Following Extensive Stress Test

The European Central Bank (ECB) has called for banks across Europe to bolster their defences against cyber attacks in light of a recent surge in such incidents targeting major financial institutions. This directive follows the ECB's first-ever cyber stress test, which evaluated how 109 financial institutions would manage a "severe but plausible" cybersecurity breach.

ECB President Christine Lagarde's team conducted the assessment, revealing that while banks have established response and recovery frameworks, there are still areas needing improvement. Anneli Tuominen, a member of the ECB’s supervisory board, remarked, “The results of the stress test are insightful and showed that while banks do have high-level response and recovery frameworks in place, there is still room for improvement.”

The ECB emphasized the urgency of such testing due to a "recent surge in cyber incidents" reported by supervised lenders. This increase is partly attributed to rising geopolitical tensions and the challenges brought about by the digitalization of the banking sector. Specifically, the ECB noted a significant rise in cyber attacks during the first half of 2023, largely due to Russian hackers retaliating against sanctions imposed following Russia's invasion of Ukraine.

In this unprecedented stress test, 109 banks under the direct supervision of the ECB were required to complete a detailed questionnaire and submit relevant documentation for analysis. A subset of 28 banks underwent more rigorous testing, including actual IT recovery tests and on-site inspections. These banks had to demonstrate their capability to:

- Activate their recovery plans, including restoring backed-up data and coordinating with critical third-party service providers.

- Ensure the recovery and functionality of affected areas.

- "Implement lessons learnt" by reviewing and refining their response and recovery strategies.

The ECB stated that the insights gained from this exercise would contribute to the broader 2024 Supervisory Review and Evaluation Process of European banks, which aims to assess each bank’s individual risk profile. The ECB's findings underscore the need for continuous improvement in cybersecurity measures amidst an evolving threat landscape.

By fLEXI tEAM