Europe’s high monetary supervisor is to launch its first check of how the sector would reply to a critical breach of its cyber defences after a rise in assaults towards the area’s banks following Russia’s invasion of Ukraine.
The European Central Financial institution will ask all main lenders within the eurozone to element by subsequent yr how they might “reply to and get well from a profitable cyber assault”, its head of supervision stated on Thursday.
“We all know that there was a major improve in cyber assaults,” Andrea Enria informed Lithuanian newspaper Verslo žinios. “We can’t apportion this to any particular supply, however it’s a undeniable fact that the variety of these assaults has elevated because the warfare [in Ukraine] began.”
Enria stated rising concern concerning the danger of cyber assaults meant the ECB was launching “a thematic stress check on cyber resilience” designed to offer “a greater understanding of the place the banks’ strengths and weaknesses are”.
The ECB is within the means of designing a state of affairs involving a theoretical breach of the monetary system’s cyber defences, which shall be despatched to the entire 111 banks it supervises to evaluate how they might react. Enria stated it could have the outcomes by the center of subsequent yr.
Worries concerning the vulnerability of Europe’s monetary system to disruption by hackers have intensified after a ransomware assault on Ion Markets, an Irish-based monetary knowledge supplier, disrupted elements of the huge derivatives market this yr. The assault was claimed by LockBit, a bunch believed to be based mostly in Russia that lately attacked Royal Mail, the UK postal service.
Fabio Panetta, an government board member on the ECB, stated this week that the hack at Ion Markets “reveals how an assault on one software program supplier might cascade on to their shoppers”. Whereas the broader fallout was restricted on this case, Panetta stated: “We can’t ignore eventualities the place the assaults might have propagated shortly, disrupting the monetary system.”
The ECB’s cyber stress check follows comparable workouts by different monetary authorities. The Financial institution of England launched a “voluntary cyber stress check” in 2021 to mannequin the affect of an assault on the funds system.
The Federal Reserve conducts common “joint cyber safety examinations” of the most important US banks with different related authorities. The Fed stated final yr it was “carefully monitoring” how Russia’s full-scale invasion of Ukraine and different geopolitical occasions might result in a “potential improve in cyber assaults which will affect crucial infrastructure together with the monetary companies sector”.
ECB supervisors are monitoring the rising reliance of banks on third-party service suppliers, as they could possibly be susceptible to cyber assaults which have a knock-on impact throughout the monetary system. For instance, banks rely closely on massive US expertise firms resembling Amazon and Microsoft to offer cloud computing companies.
“Many banks are outsourcing crucial features, both to different firms of their group or to exterior suppliers, third-party suppliers of companies, which are sometimes situated in different jurisdictions — typically in Russia itself, typically in India or different jurisdictions throughout the globe,” Enria stated.