FSB calls for standardised cyber breach reporting

The Financial Stability Board (FSB) is urging the financial sector to develop a common method for reporting cyber incidents

Financial institutions have been hit with increasing cyber attacks over the past few years, with a rapid rise during the pandemic. 

In a survey conducted by the Ponemon Institute research centre, 70% of financial services companies in the UK suffered cyberattacks in 2020, with 59% of such attacks being exacerbated as a result of hackers targeting people working in remote environments.  It was found that 41% of such companies fear that remote workers are putting them at real risk of suffering a major data breach.

As cybersecurity threats grow, fragmented reporting of security incidents represents an increased vulnerability. In response, the Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system,  is calling on regulators to pursue harmonised reporting.

Creating a common way of reporting cyber incidents 

In a new report, the FSB said that cyber incident reporting requirements remain fragmented across jurisdictions and between sectors. There are also differences in reporting methodologies, timelines, and in how reports are used.

The FSB found that fragmentation exists across sectors and jurisdictions in the scope of what should be reported for a cyber incident; methodologies to measure severity and impact of an incident; timeframes for reporting cyber incidents; and how cyber incident information is used. This fragmentation could undermine a financial institution’s response and recovery actions, and underscores a need to address constraints in information-sharing among financial authorities and financial institutions.

Working to achieve greater convergence 

The report notes that greater harmonisation of regulatory reporting of cyber incidents would promote financial stability by: (i) building a common understanding, and the monitoring, of cyber incidents affecting financial institutions and the financial system, (ii) supporting effective supervision of cyber risks at financial institutions; and (iii) facilitating the coordination and sharing of information amongst authorities across sectors and jurisdictions.

The FSB has identified three ways that it will take work forward to achieve greater convergence in cyber incident reporting:

  • Develop best practices. Identify a minimum set of information related to cyber incidents that financial authorities may require to promote financial stability.
  • Identify common types of information to be shared. This would help authorities better understand impacts of a cyber incident across sectors and jurisdictions, and to understand any legal and operational impediments to sharing such information.
  • Create common terminologies for cyber incident reporting. Further work on cyber incidents will be underpinned by a common language, including a common definition for ‘cyber incident’.


 

Share

Featured Articles

Five New Trends Driven by Uncertainty in Cryptocurrency

As the markets show signs of recovery from the recent cryptocurrency crash, we look at five new trends emerging from the crisis

Meta makes 2nd attempt at virtual currency with ‘Zuck Bucks'

Arthur Caplin, solicitor and specialist in tech and crypto regulatory matters at law firm BLM, discusses Meta’s latest venture into cryptocurrency.

What Technologies are Driving the Digital Wallet Trend?

The advance of technology is providing us with new ways to pay. So what are digital wallets, how do they work and what will their future look like?

Is the US$10bn Decacorn the new Unicorn for Fintechs?

Financial Services (FinServ)

Five Emerging Fintech Hubs to Watch in 2022

Financial Services (FinServ)

Why are Banks and Fintechs Entering the Metaverse?

Crypto