The possibility of a serious cyber incident poses a systemic risk to the financial system, with serious consequences for the real economy, warns a report from the European Systemic Risk Board (ESRB).
As the global financial system becomes ever more digitalised it is increasingly reliant on the robustness of its IT infrastructures and the confidentiality, integrity and availability of data and systems, says the report.
This robustness is being tested by ever more persistent and prevalent malicious cyber incidents targeting large organisations and with the potential to spread across sectors and geographical borders.
A cyber incident can evolve into a systemic crisis when it erodes trust in the financial system because it involves the destruction, encryption or alteration of data related to value, argues the ESRB.
"For instance," says the report, "a perceived irrecoverable destruction, alteration or encryption of account balances of one or several financial institutions could constitute a sufficiently severe shock to the financial system."
Such shocks could cause a cyber incident to develop into a systemic event, impairing the provision of key economic functions, generating significant financial losses and undermining confidence in the financial system.
To mitigate the risks of a cyber incident becoming a system risk, the report says stakeholders need to make sure they are ready for rapid coordination, while authorities will need to offer clear and consistent communication to shore up confidence.
"Finally, the cyber equivalent of capital buffers is preparedness and resilience. In that sense, the operationalisation of systemic resilience mechanisms such as data vaulting, among other things, merits further exploration."
Read the full report:Download the document now 973.7 kb (Chrome HTML Document)