ECB to require banks to report all cyber attacks

Banks supervised by the European Central Bank (ECB) will be required to report all major cyber incidents from this summer, ECB board member Sabine Lautenschlaeger has said.

20 Jun 2017

A cyber incident reporting framework will be set up based on a successful pilot run last year.

"This will help us to assess more objectively how many incidents there are and how cyber threats evolve. It will also help us to identify vulnerabilities and common pitfalls," Lautenschlaeger said during a speech in Frankfurt.

"Although the damage has been limited so far, we banking supervisors take cyber risk very seriously. And we insist on banks doing the same," she said.

The ECB also performs reviews to assess the risks facing each bank and the sector as a whole, and to raise awareness of risk, Lautenschlaeger said. Insights from reviews in 2015 and 2016 helped to develop a methodology for on-site inspections, analytical tools for off-site supervisors, and a cyber risk profile of each bank.

Technology law expert Angus McFadyen of Pinsent Masons, the law firm behind said: "This comes alongside the fraud and risk reporting requirements under PSD2 [the revised Payment Services Directive] related to third party operators. With all of this data comes the responsibility to use it in a way that helps to combat cyber risks. It’ll be fascinating to see how the ECB’s role develops around that and how it can form part of the ecosystem that exists with industry bodies like FFA (Financial Fraud Action) and commercial security organisations."