Frankfurt: The European Central Bank (ECB) highlighted that eurozone banks have “room for improvement” in their cybersecurity practices, particularly in maintaining operations after a cyber-attack, according to a report released on Friday. This announcement follows the ECB’s inaugural cyber risk stress test, conducted in response to a rise in cyber-attacks, some potentially driven by geopolitical factors. The results were published a week after a global tech outage that disrupted various sectors, including finance.
The stress test involved 109 banks, which were required to outline their strategies for responding to and recovering from a cyber-attack. This included activating emergency procedures and restoring normal operations. The ECB reviewed these submissions and provided tailored recommendations as part of its annual supervisory assessment. These recommendations will not affect capital requirements.
“The results of the stress test are insightful and showed that while banks do have high-level response and recovery frameworks in place, there is still room for improvement,” said ECB supervisor Anneli Tuominen in a blog post.
The ECB’s recommendations focus on enhancing business continuity post-attack, strengthening backup measures, and scrutinizing external providers. “In some cases, banks have already improved or plan to address the shortcomings identified during the exercise,” the ECB noted in a press release.
Also Read | UK Drivers Still Overpaying for Road Fuel, Regulator Reports
Out of the 109 banks, 28 were selected for a more detailed review, which included an actual recovery exercise and on-site inspection. The ECB did not disclose the names of the banks or specific sector weaknesses to avoid providing advantages to potential hackers.
Also Read | China and Japan’s Relations Reach a ‘Critical Stage’ Amidst Tensions
The ECB will decide by year-end whether to conduct additional tests. Similar cybersecurity exercises have been carried out by financial supervisors in Britain and Denmark. The ECB also reported a surge in “cyber incidents” among the 113 banks it oversees in the latter half of the previous year, attributed partly to increased geopolitical tensions, likely referring to Russia’s invasion of Ukraine. The ECB reiterated concerns about many banks operating with outdated IT systems and an increasing reliance on third-party providers.
