Rising Cross-Border ICT Risks in EU Finance Highlighted by Authorities


The European Supervisory Authorities have issued a stark warning about rising cross-border ICT risks in finance, following their inaugural annual overview of major ICT-related incidents in the EU financial sector. This report, a collaborative effort by the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA), reveals that the EU's interconnected financial institutions are increasingly vulnerable to disruptions.

ICT Risks: Insights into the Growing Threat Landscape

The report, released under the framework established by the Digital Operational Resilience Act (DORA), indicates that a significant number of reported incidents are not confined to national borders. Approximately one-third of the 3,383 major ICT-related incidents documented by financial entities across the EU had cross-border implications. This statistic translates to about 0.18 major incidents per entity subject to DORA, underscoring the scale of the challenge facing the financial sector.

Emerging Risks from Advanced Technologies

As financial institutions increasingly rely on advanced artificial intelligence tools, the authorities caution that these innovations may exacerbate cybersecurity risks. The report highlights the necessity for financial entities to bolster their cybersecurity and operational resilience strategies in light of these developments.

Understanding the Nature of ICT Incidents

The findings reveal that while there is a notable cross-border dimension to these incidents, the direct impact on clients and financial transactions has generally been limited. The report attributes incidents primarily to system failures and external events, emphasising the importance of effective third-party risk management and oversight of outsourced services. Coordination with external service providers during crisis response is also deemed crucial.

Cybersecurity Threats Still a Concern

Interestingly, only 10 per cent of the reported incidents were connected to cybersecurity threats. Despite this, the authorities stress the imperative for financial institutions to adhere to the highest cybersecurity standards, particularly as AI-enabled systems become more prevalent. The systemic nature of ICT risk within the financial sector is becoming increasingly apparent, necessitating a robust approach to resilience and supervision.

The Role of DORA in Incident Management

DORA mandates that financial entities follow harmonised rules for the management, classification, and reporting of major ICT-related incidents. This framework aims to ensure consistent notification to all relevant authorities, facilitating a faster and more coordinated response to cross-border disruptions. The report serves as a crucial tool in enhancing the overall resilience of the European financial system.

Moving Forward with Enhanced Resilience

The European Supervisory Authorities conclude that strengthening resilience, supervision, and coordination will be vital for improving the sector’s ability to prevent, absorb, and recover from future disruptions. As the financial landscape continues to evolve, a proactive approach to managing ICT risks will be essential for safeguarding the integrity of the EU financial sector.
