A low angle shot of high rise skyscrapers under the clear sky in Frankfurt, Germany
The European Central Bank released the results of its first stress test of EU banks’ cybersecurity measures, revealing that many banks would struggle to recover from a hack.
The ECB asked 109 banks to detail their emergency plans in the case of a cyberattack, including both their response to the breach and their strategy for restoring normal operations for their customers. After reviewing the banks’ procedures, the ECB gave feedback on the areas where each bank could improve their response, like enhancing backup systems or strengthening controls on third-party partners
“The results of the stress test are insightful and showed that while banks do have high-level response and recovery frameworks in place, there is still room for improvement,” ECB supervisor Anneli Tuominen noted in a blog post.
Rectifying Shortcomings
An additional 28 banks were chosen to participate in a more intense exercise that included on-site inspections and cyberattack simulations. According to the ECB, many of the banks have already rectified some of the shortcomings revealed in the stress test.
The central bank was careful not to release any details about the specific weaknesses it uncovered or the individual banks it tested, as it didn’t want to give cybercriminals any data they could use against the institutions. The ECB said it would decide whether to pursue further stress tests by the end of the year.
Top of Mind
Cybersecurity continues to be a top priority, particularly after the global internet outage that recently rocked many businesses, including banks. While that incident was tied to an update from cybersecurity provider CrowdStrike and not a cyberattack, it still exposed weaknesses in financial institutions’ responses to cyber incidents.
One of the most important considerations for banks is their dependence on third-party providers to manage critical aspects of their business. As a result, EU banks’ relationships with third-party providers were a central focus of the ECB’s stress test.
The central bank reported that cyber incidents were on the rise in its 113 banks in the latter part of last year, partially due to the war in Ukraine. The powerful technology that is now in the hands of hackers, including deepfake AI, makes it critical for financial institutions to have actionable strategies in the event of a hack.
Read More
