The European Central Bank says there is “room for improvement” after conducting its first thematic stress tests on cyber resilience to determine how well individual banks would respond to and recover from a cyber attack.
The tests saw 109 supervised banks face a hypothetical scenario in which a cyberattack succeeded in disrupting their critical IT infrastructure. Of these, 28 banks underwent an enhanced assessment for which they will submit additional information on how they coped with the cyberattack.
The stress test scenario saw all preventive measures fail and a cyberattack severely affect the databases of each bank’s core systems. This meant that the focus was on how banks would respond to and recover from a cyberattack, rather than on how they would prevent it.
In a blog, ECB supervisor Anneli Tuominen says the results show that “while banks do have high-level response and recovery frameworks in place, there is still room for improvement. Banks need to ensure that their recovery capabilities are sufficient to handle worst-case scenarios and that they can meet their recovery objectives to protect customer assets and customer data, maintain…