ESRB publishes report on operational policy tools for cyber resilience

As part of its macroprudential strategy to advance system-wide cyber resilience, the European Systemic Risk Board (ESRB) today published a report focusing on three groups of operational policy tools:

  1. Tools for gathering, sharing and managing information provide high-quality data for monitoring, tool calibration and ex post management of systemic cyber incidents. These tools, as well as cyber incident reporting centres, are vital for an EU-wide information sharing mechanism.
  2. Coordination tools help authorities and financial institutions mitigate potential negative effects on financial stability by ensuring an effective joint response across all stakeholders. The ongoing implementation of a pan-European systemic cyber incident coordination framework (EU-SCICF) will greatly improve efforts in this regard.
  3. Emergency and backup systems which are put in place to help ensure continuity of critical economic functions even in acute emergency situations.

Against this background, three avenues may be considered by private and public institutions:

  1. improving information management and information sharing efforts;
  2. aligning crisis management and coordination practices;
  3. considering the pros and cons of system-wide contingency options and backup arrangements.

This report builds on the ESRB’s extensive work on how to mitigate risks from a systemic cyber incident. The ESRB’s first report on systemic cyber risk lays the conceptual foundation for a macroprudential response to systemic cyber risk. The report on mitigating systemic cyber risk includes the basis for the systemic impact tolerance objective (SITO) approach to define thresholds beyond which macroprudential policy responses may be needed to avoid severe damage to the financial sector. The report on advancing macroprudential tools for cyber resilience evaluates preventative and remedial responses in the hands of authorities, including the use of capital buffers and cyber resilience scenario testing (CyRST).

Download the full PDF version

ESRB publishes report on operational pol... (PDF - 71 Ko)