EU Regulators Emphasize Cyber Risk in Joint Report

The committee comprises the European Securities and Markets Authority (Esma), European Banking Agency, and the European Insurance and Occupational Pensions Authority. In the Joint Committee Report on Risks and Vulnerabilities in the EU Financial System, the JCESA highlights a number of areas where firms must focus their attention. These include regularly checking and updating systems through proper maintenance, which it says does not happen to a sufficient standard, as well as provisioning for cyber security appropriately in annual budgets. Moreover, the joint committee says, gauging cyber risk should be built into standard risk-assessement frameworks, along with continuing to measure the overall resilience of an institution and its business continuity plans.

"Cyber and IT risks should be regarded as important components of operational risk, and institutions should consider holding capital against them," the report states. "Nevertheless, holding capital should not be regarded as a substitute for the sound management of operational risk, such as sound IT governance and management, mature IT processes, IT quality assurance, and effective IT security management. The evolving nature of cyber threats increases the need for sound management practices and a strong, professional risk culture in financial institutions which can react to new threats and deliver appropriate levels of employee awareness about new risks."

The joint committee is the latest regulatory entity to warn against the risk from cyber threats. Recently, the Bank of England reported on a simulation where the financial infrastructure of the UK came under attack, following on from similar events held in the US through the Quantum Dawn series of exercises.