The European Central Bank (ECB) will stress test 109 banks over the next twelve months to see if they are adequately prepared for cyber attacks. The banks’ response and recovery capabilities will be prioritized, not the potential to prevent incidents.
The 109 banks in question are all under the direct supervision of the ECB. The stress test scenario seeks to interrupt the banks’ day-to-day operations, during which existing contingency measures will be practically tested.
Sharing additional information
28 of the 109 banks are to share additional information with the ECB detailing their response to the simulated attack. The ECB says these banks operate in different regions and sectors, so it’s possible to state in general terms afterwards how the financial sector can better guard against cybercrime.
Although the specific banks aren’t listed, the ECB supervises such entities as Deutsche Bank, Santander, UBS and ING.
The ECB project was announced in March. Earlier, several agencies had warned of the increased cyber threat plaguing banks and government agencies, among others. The European Union’s Cybersecurity Agency (ENISA) and Britain’s National Cyber Security Centre were among those to point out that Russian state actors, in particular, are of particular concern.
More stress tests
The ECB conducts stress tests frequently, although the focus on cyber resilience is new. In the middle of last year, it presented the findings of an assessment with regard to banks’ resilience against an economic downturn. It showed that smaller banks were significantly more vulnerable than larger players. It remains to be seen if the same applies when it comes to cyber security.
1 day ago
