The European Central bank is to run its first thematic stress tests on cyber resilience to determine how well individual banks would respond to and recover from a cyber attack.
The tests, conducted with 109 supervised banks, adopt a scenario in which a cyberattack succeeds in disrupting each bank’s daily business operations.
Banks will then test their response and recovery measures, including activating emergency procedures and contingency plans and restoring normal operations. The exercise will assess how banks respond to and recover from a cyberattack, rather than their ability to prevent it.
As part of the programme, 28 banks will undergo an enhanced assessment for which they will submit additional information on how they coped with the cyberattack. This sample covers different business models and geographies to provide a meaningful reflection of the euro area banking system and ensure there is efficient coordination with other supervisory activities.
The tests demonstrate the concern among supervisory authorities of the potential for disruption and financial instability from a major cyber attack on the banking sector, which is increasingly reliant on digital technology to maintain operations.
Insurance marketplace Lloyd's of London in October warned that a major cyber attack on a systemic payments system could cost the world economy $3.5 trillion.
Previous targeted stress tests conducted by the ECB include a deep dive into the sensitivity analysis of interest rate risk in the banking book in 2017, the sensitivity analysis of liquidity risk in 2019 and the climate risk stress test in 2022.