Cyber incidents remain a threat to the financial system and are rapidly growing in frequency and sophistication.
This report explores whether greater convergence in the reporting of cyber incidents could be achieved in light of increasing financial stability concerns, especially given the digitalisation of financial services and increased use of third-party service providers.
Following a stocktake of existing supervisory and regulatory practices, the FSB found that fragmentation exists across sectors and jurisdictions in the scope of what should be reported for a cyber incident; methodologies to measure severity and impact of an incident; timeframes for reporting cyber incidents; and how cyber incident information is used.
This subjects financial institutions that operate across borders or sectors to multiple reporting requirements for one cyber incident. At the same time, financial authorities receive heterogeneous information for a given incident, which could undermine a financial institution’s response and recovery actions.
This underscores a need to address constraints in information-sharing among financial authorities and financial institutions.
Recognising that information on cyber incidents is crucial for effective actions and promoting financial stability, the FSB has identified three ways that it will take work forward to achieve greater convergence in cyber incident reporting:
The report notes that greater harmonisation of regulatory reporting of cyber incidents would promote financial stability by:
By end-2021, the FSB will develop a detailed plan for taking this work forward.