FRANKFURT (Reuters) – Euro zone banks “still have room for improvement” in terms of cybersecurity, including how they plan to continue operating after being hacked, the European Central Bank (ECB) said on Friday.
The ECB’s first-ever cyber stress test was launched in response to a surge in attacks, some of them geopolitical in nature. Its results were published a week after a global IT outage that disrupted many sectors, including finance.
As part of the exercise, 109 banks were asked to explain in detail how they would respond to a cyberattack and recover from it, for example by activating emergency procedures and restoring normal operations.
The ECB then examined their proposals and made specific recommendations to each bank as part of its annual prudential assessment. These recommendations would not have an impact on capital requirements.
“The results of the stress test are revealing and show that while banks have high-level response and recovery frameworks in place, there is still room for improvement,” ECB supervisor Anneli Tuominen said in a blog post.
Specifically, banks were urged to work on how they ensure business continuity after being hacked, strengthen their safeguards and take a closer look at external vendors, among other recommendations.
“In some cases, banks have already improved or plan to address the shortcomings highlighted during the exercise,” the ECB said in a press release.
Of the 109 banks participating in the stress test, 28 were selected for a more in-depth exercise that also included a real recovery exercise and an on-site inspection.
The ECB did not name the banks it investigated and provided few details about the exact weaknesses in the sector, citing the risk of giving hackers an advantage.
It is expected to decide by the end of the year whether further such tests are necessary. Financial regulators in the UK and Denmark have also conducted similar IT exercises.
The ECB added that “cyber incidents” at the 113 banks it supervises had increased in the second half of last year, which it said was “partly driven by heightened geopolitical tensions” – a likely reference to Russia’s invasion of Ukraine.
She also reiterated warnings about “ageing IT systems” at many banks and their increased reliance on third-party vendors.
(Written by Francesco Canepa; Pauline Foret, edited by Blandine Hénault)
Copyright © 2024 Thomson Reuters
I have over 8 years of experience working in the news industry. I have worked as a reporter, editor, and now managing editor at 247 News Agency. I am responsible for the day-to-day operations of the news website and overseeing all of the content that is published. I also write a column for the website, covering mostly market news.
