Banks need to prioritise spending on cyber defences, says ECB

THE European Central Bank said lenders in the region need to keep investing in their ability to respond to attacks by hackers after a landmark stress test of the industry showed “room for improvement.”

“Banks need to prioritise investment in cybersecurity and treat it as a vital strategic component that underpins their operational resilience,” said Anneli Tuominen, a member of the ECB’s Supervisory Board.

The test of 109 lenders showed that banks do have high-level response and recovery frameworks in place, Tuominen said. Yet several lenders displayed material weaknesses in their ability to respond to the test’s simulated hacker attack, Bloomberg reported earlier this week.

The ECB, which announced the test last year as tensions with Russia pushed the issue further up the list of priorities for regulators, has billed it as an exercise to improve banks’ risk management rather than an exam that will directly impact their capital requirements. Since then, several attacks involving service providers and the fallout from the recent massive global IT failure have underscored the vulnerabilities of the global financial system.

Tuominen cited the events at CrowdStrike Holdings as an example of how an incident at one firm can have cascading effects across multiple sectors.

“Banks need to ensure that their recovery capabilities are sufficient to handle worst-case scenarios,” Tuominen said in a blog post on Friday (Jul 26) marking the conclusion of the test. Lenders need to be able to “meet their recovery objectives to protect customer assets and customer data, maintain confidence in the banking system and, ultimately, safeguard financial stability,” she wrote. BLOOMBERG