ECB to force all Eurozone banks to report cyber-security breaches
ECB to force all Eurozone banks to report cyber-security breaches

Starting this summer, banks regulated by the European Central Bank (ECB) will have to report all cyber-security incidents to it.

London newspaper City AM quoted Sabine Lautenschlaeger, a member of the ECB's executive board who was speaking recently in Frankfurt, as saying, “This will help us to assess more objectively how many incidents there are and how cyber-threats evolve. It will also help us to identify vulnerabilities and common pitfalls.”

According a press release from the ECB, the meeting was to share the “Eurosystem's cyber strategy for financial market infrastructures and also explain ECB Banking Supervision's approach to the issue of bank cyber resilience”.

The new requirements for banks in the Eurozone mean the Royal Bank of Scotland, Barclays and HSBC will also be required to conduct what the ECB describes as “thematic reviews” on cyber-security and outsourcing arrangements, a weak link in company infrastructure which is oft exploited in attacks.

The speech by Lautenschlaeger coincides with the launch of an In Focus paper by the ECB on cyber-crime and “cyber resilience for pan-European financial market infrastructures”.

Benoît Cœuré, also a member of the executive board of the ECB, said in a press release, “Besides the undeniable advantages of information and communication technology, the increase in users and data on digital platforms, in cloud computing and across networks has also created greater opportunities for cyber-crime.”

Cœuré added, “There are a variety of agents involved: criminals, hacktivists or nation states. They may have different motives: financial gain, espionage, disruption and destabilisation. But what they all have in common is that they are steadily increasing their level of sophistication and exploring ways of attacking. A sound operational risk management and IT security framework are the first line of defence.”

Cœuré went on to suggest the formation of a high-level cyber-resilience forum for pan-European financial market infrastructures, critical service providers and competent authorities.

He said, “I am convinced that there is cross-fertilisation and collective learning to be gained from such collaboration and I am looking forward to a fruitful meeting today.”