Share

Cybersecurity, Cipollone (ECB): cyber attacks cost 200 billion dollars. Banks and authorities collaborate

Cyber ​​threats represent a “systemic risk to the stability of the European financial system” but despite this the attacks go unreported. For Cipollone it is "necessary to continuously work together". The ECB's stress tests on the cybersecurity of European banks will soon be held

Cybersecurity, Cipollone (ECB): cyber attacks cost 200 billion dollars. Banks and authorities collaborate

I IT risks have become “one of major threats to global security, with an estimated annual cost of more than $200 billion.” Cyber ​​threats represent a “systemic risk for the stability of the European financial system, but cyberattacks often go unreported." She said it Peter Cipollone, member of the Executive Board of ECB, during the meeting of the Euro Cyber ​​Resilience Board (ECRB) for pan-European financial infrastructures: “the market infrastructure financial networks are networks that mitigate risks but which if they present malfunctions can also become one source of systemic risk. This is clearly highlighted by the increased threat of cyber attacks and the damage and difficulties they can cause", it is therefore important - underlines Cipollone - to have no room for compromises, "we must always be one step ahead of those attacks us."

Evolving and more aggressive cyber threats

Cyber ​​threats “are becoming more aggressive, getting closer to the heart of the financial system", and "geopolitical conflicts lead to a further increase" in attacks, which "highlights the need to continue investing in cyber resilience" explains Cipollone. In this context the new technologies they should be seen as gods useful resources to improve cyber resilience but always with caution: for example, artificial intelligence can be exploited for sophisticated attacks, with hackers taking advantage of it for social engineering, reconnaissance and exploitation.

“To achieve this – underlines Cipollone – we must take a large-scale approach work continuously together".

Collaboration between banks and authorities is necessary

Cipollone thus highlighted the key role of the ECRB in bringing together “pan-European financial infrastructures, critical service providers and European authorities” to strategically discuss cyber risks and share sensitive information securely. Forums such as the ECRB "offer great benefits", allowing us to "join cybersecurity efforts" and anticipate future threats.

For these reasons the ECRB "represents a leading effort on this front. At the same time central banks e authorities must work together internationally, in close collaboration with companies, given that the risks are not a regional phenomenon but a global threat. As the new President of the ECRB I look forward to working on these challenges to improve our common resilience,” said Cipollone.

Piero Cipollone then underlined that financial entities must adopt sound risk management practices, considering the increase in outsourcing and dependence on third-party service providers. He highlighted the importance of conduct due diligence before awarding contracts to suppliers. The authority, especially central banks, must monitor carefully, requiring financial infrastructures to identify, assess and manage interdependencies related to third-party service providers, as well as supervise critical service providers.

By working together, “we are better equipped to deepen our understanding of cyber threats, defend against them, and minimize their possible impact.”

The importance of reporting

Cipollone reiterated the importance of identifying potential weak points to effectively mitigate cyber risks, allowing for more informed decisions and the appropriate allocation of necessary resources.

“A key element of cyber resilience is reporting and disclosure of cyber incidents by infrastructures and entities in the financial sector and other critical sectors. Considerations on the impact on reputation and customer or investor trust may of course be at play, but should not influence incident reporting requirements under relevant regulatory and supervisory frameworks. In fact, any failure to report incidents could worsen the impact and compromise the containment of a cyber attack" explains the former deputy governor of the Bank of Italy.

Another fundamental element to mitigate risks is that of have precise plans to disclose incidents to interested parties and the public.

Over the course of the year, the ECB will conduct stress tests on 109 banks under direct supervision to assess their response and recovery capacity in the event of cyber attacks.

comments