The European Systemic Risk Board (ESRB) has published a Recommendation for the establishment of a pan-European systemic cyber incident coordination framework (EU-SCICF). The financial sector relies on resilient information and communications technology systems and is highly dependent on the confidentiality, integrity and availability of the data and systems it uses. Major cyber incidents have the potential to corrupt information and destroy confidence in the financial system, and they may therefore pose a systemic risk. This calls for a high level of preparedness and coordination among financial authorities in order to respond effectively to such major cyber incidents. The EU-SCICF would aim to strengthen this coordination among financial authorities in the European Union, as well as with other authorities in the Union and key actors at international level. It would complement the existing EU cyber incident response frameworks by addressing the risks to financial stability stemming from cyber incidents.
The accompanying ESRB report “Mitigating systemic cyber risk” explains in detail how the EU-SCICF would facilitate an effective response to a major cyber incident. Building on the ESRB report published in 2020, Systemic cyber risk, the report also assesses the ability of the current macroprudential framework to address the risks and vulnerabilities stemming from systemic cyber risk. It concludes that the macroprudential mandate and toolkits of financial authorities need to be expanded to include cyber resilience.