ECB to stress test 109 banks on ability to recover from cyber-attack

The European Central Bank (ECB) has announced plans to carry out a cyber resilience stress test on 109 directly supervised banks in 2024.

In the stress test scenario, firms will be hit by a successful cyber-attack that disrupts their daily operations.

The exercise will assess how banks respond to and recover from a cyber-attack, rather than their ability to prevent it.

Under the stress test, banks will be expected to test a number of measures, including activating emergency procedures and contingency plans and restoring normal operations.

Supervisors from the ECB will subsequently assess the extent to which banks can cope under such a scenario.

The central bank said that as part of the exercise, 28 banks will undergo an enhanced assessment for which they will submit additional information on how they coped with the cyber-attack.

It added that this sample covers different business models and geographies to provide a "meaningful reflection of the euro area banking system and ensure there is efficient coordination with other supervisory activities".

"This predominantly qualitative exercise will not have an impact on capital through the Pillar 2 guidance, which is a bank-specific capital recommendation on top of the binding requirements," said the ECB. "Rather, the insights gained will be used for the wider supervisory assessment in 2024."

Following the test, supervisors will discuss the findings and lessons learned with each bank as part of the 2024 Supervisory Review and Evaluation Process, which assesses a bank’s individual risk profile.

The main findings of the exercise are expected to be revealed by the summer.



Share Story:

Recent Stories


The human firewall: Activating employees to safeguard financial data
As financial services increasingly embrace SaaS and cloud-based technologies, they face emerging threats to safeguard sensitive customer data. While comprehensive IT security measures are essential, the active involvement of employees across organisations is pivotal in ensuring the protection of sensitive data.

Building a secure financial future for instant payments: The convergence of ISO 20022 and fraud detection
The financial landscape is rapidly evolving its approach to real-time transactions under the ISO 20022 standard, and financial institutions must take note. With examples such as the accelerated adoption of SEPA Instant Credit Transfers in Europe and proposed New Payment Architecture (NPA) programme in the UK, the need for swift and effective fraud detection is more crucial than ever.

Data Streaming and Consumer Duty: Transforming customer experience in banking
Introduced at the end of July, the Consumer Duty is a game-changing new set of rules and guidance for financial services institutions in the UK, and companies must look to modernise their systems in adherence with it in mind to create the best customer experience possible.

From insight to action: Empowering financial institutions through advanced technology and collaborative information sharing
The use of Information sharing in enhancing financial crime prevention has been universally agreed as being beneficial. However no-one has been able to agree on how information can be shared safely without breaching data protection laws or having the right systems to facilitate this, Information sharing has re-emerged as a major consideration for financial institutions (FIs) ahead of the Economic Crime and Corporate Transparency Bill being made into law in the UK.