Low angle shot of skyscrapers under a sunny sky in Frankfurt, Germany
The European Central Bank has published the results of its first stress test of EU banks’ cybersecurity measures, finding that many lenders would struggle to recover from the hacks.
The ECB asked 109 banks to detail their emergency plans in case of a cyberattack, including both how to respond to an intrusion and how to restore normal operations for customers. After reviewing the banks’ procedures, the ECB provided feedback on areas where each bank could improve its response, such as strengthening backup systems and strengthening controls over third-party partners.
“The stress test results are insightful and show that while banks have indeed put in place high-quality response and recovery frameworks, there is still room for improvement,” ECB supervisor Anneli Tuominen said in a blog post.
Correcting defects
A further 28 banks were selected to take part in more rigorous drills, including on-site inspections and simulated cyber attacks, and the ECB said many banks had already fixed some of the shortcomings revealed by the stress tests.
The central bank was careful not to release details about the specific vulnerabilities it found or the individual banks it tested, as it did not want to provide cybercriminals with data they could use to attack financial institutions. The ECB said it would decide whether to conduct further stress tests by the end of the year.
Top of Mind
Cybersecurity remains a top priority, especially after the recent global internet outage that rocked many businesses, including banks. While the incident was linked to an update by cybersecurity provider CrowdStrike rather than a cyberattack, it nevertheless exposed weaknesses in financial institutions’ response to cyber incidents.
One of the most important considerations for banks is their reliance on third-party providers to manage key aspects of their business, and as a result, EU banks’ relationships with third-party providers were a central focus of the ECB’s stress tests.
The central bank reported an increase in cyber incidents at its 113 banks in the second half of last year, partly due to the war in Ukraine. Given the powerful techniques now in the hands of hackers, such as deepfake AI, it is crucial that financial institutions have a viable strategy in the event of a hack.
