ESRB Report: Policy Tools against cyber risks

Alessandro Micagni
On April 21st, 2024

On April 16, 2024, the ESRB released a report on operational policy tools for cyber resilience, expanding on their efforts to tackle systemic cyber risks. It highlights approaches like defining thresholds for macro-prudential responses and assessing tools like capital buffers and scenario testing.

ESRB Report: Policy Tools against cyber risks


The European Systemic Risk Board (ESRB) released a significant report on April 16, 2024, that focused on operational policy tools that are necessary to strengthen cyber resilience. An important step has been taken in the ESRB's continuing efforts to manage systemic risks resulting from cyber incidents with the release of this paper. The paper explores important topics such systemic cyber risk, mitigating techniques, and improving macroprudential tools. It is based on a number of earlier papers. The objective of the ESRB is to strengthen the financial industry against possible disruptions by outlining mechanisms for evaluating and responding to cyber risks, including the investigation of capital buffers and cyber resilience scenario testing.



Source

[1]

EU Risk Management: ESRB on Financial Stability
The ESRB Annual Report presents an intricate analysis of the EU’s financial system, reflecting on the heightened geopolitical and economic uncertainty within the EU due to the ongoing crisis in Ukraine.
GrandAlessandro Micagni


Enhancing Cyber Resilience: ESRB's Operational Policy Tools Review


The European Systemic Risk Board (ESRB) conducts a thorough examination of operational policy instruments that are essential for addressing systemic cyber crises in its member states in its most recent report. To increase cyber resilience in the financial sector and beyond, three main tool sets are optimized:


  • Information Management Tools: To enable efficient monitoring, instrument calibration, and post-incident management, the paper emphasizes the significance of strong methods for obtaining, exchanging, and managing data. These instruments are essential for promoting information exchange throughout the EU, which is vital in the fight against cyber threats, together with the creation of cyber incident reporting centers.

  • Coordination Mechanisms: The paper highlights coordination instruments that are intended to promote cooperation between regulatory bodies and financial institutions in order to lessen the possibility of destabilizing effects on the stability of the financial system. The ongoing creation of the EU-SCICF, a pan-European systemic cyber event coordination framework, is highlighted as a crucial project that has the potential to improve coordinated responses among stakeholders and strengthen the financial system's resilience.

  • Emergency and Backup Systems: In order to maintain the continuity of vital economic operations, particularly in times of extreme disaster, the paper highlights the importance of emergency and backup systems. Authorities seek to minimize delays and maintain critical economic operations even in the face of major cyber incidents by putting strong contingency measures in place.

Addressing Systemic Risks: ESRB's Areas for Further Action


The ESRB recognizes that more steps must be taken to improve cyber resilience, especially in areas where present tactics might not be sufficient. The effectiveness of backup plans and system-wide contingency solutions is one major area of concern. The European System Reliability Council (ESRB) supports the investigation of emergency systems at the European level, acknowledging that certain systemic incidents can exceed the capacity of particular institutions' business continuity plans. But putting such policies into action requires careful thought and coordination with national institutions to evaluate the advantages and possible drawbacks on a systemic and national level. In order to guarantee comprehensive risk management strategies, the ESRB also emphasizes the significance of recognizing and filling gaps between operational and financial policy tools.



Safeguarding Financial Stability: ESRB's Response to Evolving Cyber Threats


The European Systemic Risk Board (ESRB) is alert in the constantly changing world of cyber threats because it understands the enduring challenges to financial stability in the EU and beyond. The severity of the problem is highlighted by recent events, which range from ransomware assaults on important financial institutions to the damage of underwater communications cables. Financial institutions are at danger even with strong cybersecurity safeguards in place, which calls for a thorough review of risk management techniques.


Examples of cyber incidents:


  • Underwater Telecommunications Cable Sabotage: Critical communication infrastructure disruptions serve as a clear reminder of how vulnerable important systems are.

  • Ransomware Attacks on ION Group and ICBC Financial Services: These incidents, which focus on important economic activities including market operations and securities trading, draw attention to the possible repercussions for financial markets and the overall economy.

  • Third-Party Provider Cybersecurity: To protect overall financial stability, comprehensive evaluations of the cybersecurity fitness of third-party providers are essential due to the interconnectedness of financial services.

Key Areas for Further Action:


  • Improved Information Management: For efficient risk monitoring and crisis management, it is essential to fortify data collection, exchange, and administration capacities.

  • Better Coordination Mechanisms: A coordinated response to cyber incidents depends on the establishment of strong crisis management and coordination procedures at the national and EU levels.

  • System-Wide Contingency Planning: It is imperative to carefully consider the advantages and disadvantages of implementing backup plans and system-wide contingency solutions at both the national and systemic levels.

The European System Resilience Board (ESRB) seeks to strengthen the resilience of the European financial system against systemic cyber crises by tackling these areas and implementing a multi-layered approach to cybersecurity.


Strengthening Cyber Resilience: Information Management Tools for Financial Stability
Strengthening Cyber Resilience: Information Management Tools for Financial Stability


Strengthening Cyber Resilience: Information Management Tools for Financial Stability


A proactive strategy to cybersecurity is necessary given the financial system's digital network's constant evolution. Policymakers and financial authorities stress the vital significance of efficient information management in light of the ongoing evolution of cyber risks. Information management technologies are essential in this situation for collecting, analyzing, and disseminating data; they are the cornerstone of an analytical framework that helps identify and address cyberthreats.


Main information management tools:


  • Cyber Maps: By making it easier to find significant systemic connections inside the financial network, these tools help evaluate the risks of concentration and contagion. Cyber maps provide insights into potential vulnerabilities and disruptions by drawing relationships between financial companies, technological providers, and remedies. Their creation is in line with the Basel Committee's operational resilience guidelines.

  • Information-Sharing Fora: Information-sharing programs, such Information Sharing and Analysis Centers (ISACs), act as focal points for the collection and distribution of threat intelligence related to cyberspace. These nonprofit organizations promote cooperation to successfully tackle cyber risks by facilitating information exchange between the public and private sectors. The Nordic Financial CERT (NF CERT), the European Financial Institutes' Information Sharing and Analysis Centre (FIISAC), and the Cyber Information and Intelligence Sharing Initiative (CIISI-EU) are a few notable examples.

  • Collaborative Structures: Direct communication between members of a collaborative network fosters mutual trust and information exchange. By facilitating the sharing of knowledge, best practices, and business connections, these frameworks help the financial sector as a whole become more resilient. Examples include the Nordic threat intelligence provided by NF CERT and the trustworthy community for cybersecurity conversations and information sharing offered by CIISI-EU.

To summarise, proficient information management systems facilitate the proactive monitoring, analysis, and response of financial institutions and authorities to cyber threats. This, in turn, strengthens the financial system's resilience against dynamic cyber hazards.



Advantages and Challenges of Information Sharing in Cybersecurity


Information sharing is essential for strengthening defenses against cyberattacks in the increasingly linked digital world. An organization's ability to effectively share information becomes critical when it faces changing cybersecurity concerns. This article explores the benefits and drawbacks of information sharing in cybersecurity, highlighting how it can improve resilience despite roadblocks including standardization concerns and industry-specific complications. Through comprehension of these interactions, involved parties can devise cooperative tactics to enhance cybersecurity posture and efficiently alleviate new dangers.


  • Benefits:

    • Enhanced Resilience: By encouraging early threat identification, enhancing situational awareness, and fostering member safety, information-sharing programs raise overall resilience against cyberthreats.

    • Collaborative Defenses: Information sharing fosters transparency and trust, which in turn strengthens collective defenses against cyberattacks. Instinctive collaboration results from mutual trust and good communication inside the network, which lowers tensions and conflicts during emergencies.

    • Data-Driven Analyses: By providing information to authorities, information-sharing fora facilitate data collection and data-driven analyses that allow authorities to evaluate cyber incidents and improve resilience in accordance with predetermined severity criteria.

  • Challenges:

    • Standardization problems: Information-sharing technologies' efficacy may be hampered by a lack of standardization and simplification in their operating features. Preventing information-sharing bottlenecks without compromising adaptability requires striking a balance between standardization and flexibility.

    • Sector-Specificity: Lack of sector specificity results in a number of information-sharing methods that include parties with different goals and frameworks. If sector-specific demands are not addressed, knowledge may be reduced throughout the value chain, requiring appropriate authorities to play a supportive role.

    • Multiplicity of Fora: In some countries, there may be several fora with comparable scopes, which presents coordination issues. While there are expenses involved, connecting current frameworks and creating a common understanding of their duties at the national and EU levels can improve cooperation, lower obstacles, and prevent redundancy.


Operational Tools in Cyber Crisis Management


Pre-crisis and at-crisis tools are the two primary categories into which operational instruments in cyber crisis management fall. Pre-crisis tactics are used in advance with the goal of creating a sense of preparation and preparedness via mutual understanding, improved communication, and proactive actions like information-sharing campaigns and simulated collaboration. However, once an incident reaches a specific level, at-crisis tools become active, enabling a coordinated and effective response. These resources include crisis management strategies, coordination frameworks, and internal and macroprudential communication channels. They guarantee a cross-sectoral viewpoint and efficient decision-making in times of crisis.


Public-Private Partnerships in Cyber Crisis Management


PPPs, or public-private partnerships, are essential to cyber incident management during both the pre-crisis and post-crisis stages. These partnerships go beyond exchanging information; they also actively handle cybercrime, coordinate threat responses, and offer members specialized support. Cases such as NF CERT, CERTFin, and the Paris Resilience Group demonstrate the wide spectrum of services provided, ranging from large-scale modeling exercises to crisis management. PPPs play a major role in enhancing preparedness for potential crises by providing knowledge and assistance for training and assessments.


Key points:


  • Tactical Level: IT teams take the initiative and open lines of communication with pertinent parties.

  • Operational Level: Initiation of macroprudential cooperation, crisis readiness, communication with higher authorities, and activation of frameworks across the EU.

  • Strategic Level: Providing advice on important policy matters, coordinating with governments, and addressing significant policy challenges.

Increasing Cyber Resilience via Cooperative Alliances


In conclusion, smooth cooperation between public and private organizations is essential to the efficacy of cyber crisis management. Public-private partnerships (PPPs) improve cyber resilience by actively assisting in crisis response coordination and facilitating information sharing. PPPs play a critical role in enabling quick and efficient responses during cyber catastrophes and strengthening pre-crisis readiness by leveraging knowledge, conducting simulations, and coordinating efforts across sectors. Fostering and growing these cooperative efforts will be crucial to protecting vital infrastructure and lessening the effects of cyberattacks as cyber threats keep evolving.



Grand is Live

Check out our GPT4 powered GRC Platform

Sign up Free

Reduce your
compliance risks

Sign Up Free Request Demo