European Central Bank (ECB) has announced
ECB to test over 100 European banks cyber resiliency

The European Central Bank (ECB) will test over 100 European banks on their ability to respond to and recover from cyber-attacks.

The European Union’s central bank will perform its first cyber resilience stress test on 109 banks under its supervision in 2024. The test will evaluate the banks’ capacity to handle a cyber-attack successfully, rather than just preventing it.

The ECB evaluated banks’ IT risk management in November 2023 and found little progress in the sector. This announcement follows that evaluation.

It found “serious supervisory concerns that confirm the need to continue on-site inspections in conjunction with tailored discussions between banks and supervisors.”

How Will the Cyber Resilience Stress Test Work?

In the stress test scenario, a cyber-attack will have successfully disrupted the bank’s daily business operations. Supervisors will watch the bank’s response and recovery measures, including their ability to activate emergency procedures and restore normal operations.

Additionally, 28 banks will go through a more detailed evaluation, where they will need to provide additional information about how they dealt with the cyber-attack.

This will also check if there is enough coordination with other supervisory activities. These 28 banks represent various business models and geographies to reflect the euro banking system.

Supervisors will discuss the stress test results and lessons with each bank as part of the 2024 Supervisory Review and Evaluation Process, which evaluates a bank’s risk profile. The main findings will be published in summer 2024.

In October 2023, Lloyd’s of London predicted that a cyber-attack on a major financial services payment system could cause global economic losses of $3.5 trillion.