On 4 December 2018, the Basel Committee on Banking Supervision (Basel Committee) published a report which identifies, describes and compares the range of observed bank, regulatory and supervisory cyber-resilience practices across jurisdictions.

For the purpose of the report, the Basel Committee uses the Financial Stability Board’s Cyber Lexicon definition of cyber-resilience, which defines it as the ability of an organisation to continue to carry out its mission by anticipating and adapting to cyber threats and other relevant changes in the environment and by withstanding, containing and rapidly recovering from cyber incidents.

The report:

  • provides a high-level overview of current approaches taken by jurisdictions to issue cyber-resilience guidance standards;
  • assesses the range of practices regarding governance arrangements for cyber-resilience;
  • focuses on current approaches on cyber-risk management, testing and incident response and recovery;
  • explores the various types of communications and information-sharing; and
  • analyses expectations and practices related to interconnections with third-party services provides in the context of cyber-resilience.