IT security
Results of the bank stress test on cyber risks in the summer
According to the ECB, 28 institutions will be examined in more detail as part of the bank stress test on cyber risks. photo
© Nicolas Armer/dpa
How well can the major banks in the euro area deal with attacks on their IT systems? An initial stress test by the ECB banking supervisory authority on cyber risks should provide answers.
The ECB banking supervisory authority plans to publish the results of its first stress test on cyber risks for banks in the summer. The European Central Bank (ECB) announced in Frankfurt that 109 directly supervised financial institutions will be examined in 2024 to see how they react to a cyber attack and how they restore their business operations.
“In the stress test scenario, a successful cyber attack causes disruptions in the banks’ day-to-day operations. The banks then test the measures they intend to take in response to a cyber attack and to restore business operations,” explained the ECB. “The supervisory authority then assesses the extent to which the banks can deal with such a scenario.”
In-depth examination of 28 financial institutions
According to the ECB, 28 institutions will be examined in more detail as part of the test. They must provide additional information about how they handled the cyberattack. This sample includes banks with different business models from various geographical areas, the ECB said. The aim is to “gain a meaningful picture of the banking system in the euro area”.
The ECB has been directly supervising the leading banks in the euro area since November 2014. There are currently 113 institutions, including from Germany: Deutsche Bank and Commerzbank, DZ Bank and Dekabank as well as Germany’s largest German savings bank, Hamburger Haspa, as well as the German Apotheker- und Ärztebank (Apo-Bank), Volkswagen Bank and various state banks (BayernLB, LBBW, Helaba, Nord LB).
Recently there have been more cyber attacks again
The ECB wants to take a close look at where banks hand over IT processes to third-party providers in order to save money, as Anneli Tuominen, who is a member of the ECB Banking Supervision Supervisory Board, announced in November: “This is not necessarily accompanied by good risk management.” IT or cloud providers are “certainly a topic that we need to look into in more detail.”
Bank supervisors were alarmed by the recent increasing number of attacks on banks’ IT systems. So far, there has been no attack so serious that individual institutions or even the entire banking system has been destabilized, Tuominen said in November. But she warned: “A successful attack is possible at any time.”