The European Central Bank (ECB) concluded its first Cyber Resilience Stress Test in July 2024. The exercise tested the ability of 109 regional and global banks operating in the EU to respond to and recover from a “severe but plausible” cybersecurity incident. The exercise involved a fictitious scenario in which the databases of each organization’s core banking system were successfully compromised by an attacker.
Until now, the ECB’s stress tests have focused on banks’ resilience and ability to stay afloat in the face of financial and economic shocks. However, a surge in cyber incidents reported to the ECB over the last couple of years has focused its attention on digital and cyber risk; so much so that it’s now one of the bank’s top supervisory priorities, alongside macro-financial, geopolitical and environmental risks.
Tackling Cyber Risk
The results of the ECB Cyber Stress Test revealed that, while banks generally had response and recovery frameworks in place, several important areas still require improvement. Some key domains called out—such as business continuity and third-party risk—are neither new nor revelatory, yet they are continually being…