The European Central Bank (ECB) will conduct a stress test of 109 financial institutions under its direct supervision on the ability to restore the functioning process after cyber attacks.
The specified testing will be conducted this year. So far, there is no information about the timing of the implementation of this initiative. As part of the testing, an assessment of the ability of financial institutions to cope with the consequences of attacks in the virtual space will be given. The general algorithms of banks’ responses to such incidents in the digital dimension will also be studied.
It should be clarified that in this case, the pan-European financial regulator intends to find out not how creditors are fighting against illegal actions by hackers, but how these organizations restore their work after these attacks.
The stress test scenario planned for the current year provides for modeling a potentially possible situation in which cybercriminals manage to provoke a failure in the bank’s daily business operations. After the incident, financial institutions must take response and recovery measures. In this case, the standard algorithm of actions designed for emergencies provides for the activation of special procedures and move plans. As part of the testing, the main goal of a financial institution should be to restore the process of full functioning of its system of operations as quickly as possible.
The ECB will assess the extent to which banks can cope with the consequences of an attack in the virtual space in the context of solving the task of resuming business as usual.
During the upcoming stress test, 28 financial institutions will be assessed under an expanded set of criteria. These lenders will provide the regulator with additional information on response measures in response to hacker interference in the business processes.
The testing will affect financial institutions in different regions and with different business models. In this case, large-scale coverage is necessary to form an idea of the average statistical state of the functional base of the eurozone banking system. Also, a large number of creditors will ensure effective coordination with other supervisory activities.
This testing does not concern capital in any way. The media reports that it is highly likely that information on the results of financial institutions’ actions to restore operations after a simulated cyber attack will be used to form a broader supervisory assessment this year. Watchdogs will discuss the level of demonstrated effectiveness with each bank separately. After that, an individual risk profile of financial institutions will be compiled.
The media reports that the test results will be published this summer. This means that the verification will be carried out in the first half of 2024.
The ECB conducts annual stress tests following Article 100 of the Capital Requirements Directive. Every two years, an inspection is carried out throughout the EU. The testing process is coordinated by the European Banking Authority. For example, in 2019, a liquidity risk sensitivity analysis was conducted. A stress test of climate risk was conducted in 2022.
As we have reported earlier, Lloyd’s Reports Potential Global Consequences of Payments System Cyber Attack.