The European Central Bank is set to conduct its inaugural thematic stress tests focused on cyber resilience to evaluate how effectively individual banks can respond to and recover from a cyber attack.
These tests will involve 109 supervised banks and simulate a scenario in which a cyberattack disrupts each bank’s daily operations. Participants will analyze their response and recovery strategies, including the implementation of emergency protocols and contingency measures to restore normal operations. The primary aim of this exercise is to assess the banks’ responses and recovery capabilities in the aftermath of a cyberattack rather than their preventive measures.
In addition to the standard assessment, 28 banks will undergo a more extensive review, providing additional insights into their strategies for coping with the cyber incident. This selection represents a variety of business models and geographical regions, ensuring a comprehensive evaluation of the euro area banking system and facilitating effective coordination with other supervisory initiatives.
These stress tests underscore the concerns of supervisory authorities regarding the potential for significant disruption and financial instability stemming from a major cyber attack on the banking sector, which has become progressively reliant on digital technologies for its operations.
In October, Lloyd’s of London issued a warning that a substantial cyber attack on a critical payments system could have a staggering economic impact, estimating costs at $3.5 trillion globally.
Previous targeted stress tests carried out by the ECB included a deep dive into interest rate risk sensitivity analysis in 2017, liquidity risk sensitivity analysis in 2019, and a climate risk stress test in 2022.