On 3 January 2024, the European Central Bank (ECB) announced that it will be conducting a cyber resilience stress test on 109 directly supervised banks in 2024.

The exercise will assess how banks respond to and recover from a cyberattack, rather than their ability to prevent it.

As part of the exercise, 28 banks will undergo an enhanced assessment for which they will submit additional information on how they coped with the cyberattack. The sample will cover different business models and geographies to provide a meaningful reflection of the euro area banking system and ensure there is efficient coordination with other supervisory activities.

The cyber resilience stress test will be a predominantly qualitative exercise and as such will not have an impact on capital through the Pillar 2 guidance, which is a bank-specific capital recommendation on top of the binding requirements. Rather, the insights gained from the cyber resilience stress test will be used for the wider supervisory assessment in 2024.