The ECB appears to have greater confidence in banks which have significant board level IT expertise than those that do not when it comes to their management of IT risks. It said: “These institutions report higher expenditures in terms of IT innovation and a closer monitoring of IT risks. Through their self-assessments – and when compared to banks with fewer numbers of board members with IT expertise – they report their bank’s IT risk levels and controls more prudently as worse. But they also present themselves as in better control in several IT risk categories including a lower number of successful [cyberattacks] and less downtime of critical IT systems”.
The ECB also highlighted findings that indicate that institutions with the highest ratio of IT innovation budgets have more board members with IT expertise and spend more time discussing IT topics in the monthly or quarterly management board.
While IT governance and board composition priorities are largely internal issues for banks to consider, there are a number of steps banks can take when dealing with suppliers to improve their overall accountability frameworks. These steps include institutions improving the management…