United Kingdom (and EU regulation)

ESRB report on advancing macroprudential tools for cyber resilience

On 14 February 2023, the European Systemic Risk Board (ESRB) published a report on advancing macroprudential tools for cyber resilience.

The report has been published given the recent geopolitical backdrop of heightened cyber risk, and the need to boost cyber resilience.

The report builds on previous work by the ESRB to prevent and mitigate risks to financial stability in the event of a cyber-incident.

The report encourages authorities to make progress on three elements:

Cyber resilience scenario testing – The ESRB encourages authorities to pilot system-wide cyber resilience scenario testing as soon as possible. Such pilots can complement other analytical tools that the authorities might be using and deepen their understanding of the risks to system-wide cyber resilience.
Systemic impact tolerances objectives – Defining such objectives can help authorities to assess their own coordination and action capabilities.
Financial crisis management tools – The report finds that the effectiveness of existing financial crisis management tools in responding to a cyber-incident depends on the severity of the impact on the financial system and on how fast it spreads.

The ESRB will continue to work on an EU-wide strategy to help mitigate systemic cyber risk.