The regulator will invest "significant amount of time and resources" in the process, which is set to be completed by mid-2024. It will check banks' ability to respond to and recover from cyberattacks, the ECB's top official for oversight, Andrea Enria, said in an interview with Lithuanian journalist Naglis Navakas.
ECB Cyber Stress Tests
The move from the agency comes amid worries about cyberthreats accelerated by Russia's ongoing invasion of Ukraine. The cyber dimension of the invasion appears mainly contained within Ukraine, "but there is a need to strengthen the defences in this area," Enria said.
The ECB has announced plans to conduct cyber stress tests on European financial institutions that will simulate a range of cyber incidents, including DDoS attacks, data breaches, and ransomware attacks.
The aim of the tests is to identify vulnerabilities in banks' IT systems and to assess their ability to respond to and recover from cyber incidents. The results of the tests will be used to inform the development of cyber security policies and practices, as well as to guide investments in IT security.
Cyberattacks against lenders have gone up in recent months and include incidents that have caused market disruptions.
On Feb. 2, 2023, the LockBit ransomware-as-a-service group added ION Group to its data leak site, stating that it would publish "all available data" on the morning of Feb. 4 unless it received an extortion payment.
ION Cleared Derivatives is part of ION Group, which offers software designed to automate the complete trade life cycle and the derivatives clearing process. It said in a statement on its website that a "cybersecurity event" had affected some of its services and that "the incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing."
The incident at London-based ION Cleared Derivatives, which supports a significant volume of derivatives trading, forced major European banks to process trades manually, causing delays in settling trades.
Regulations on Third-Party Service Providers
In addition to the ECB's review, Rostin Behnam, the chairman of the US Commodity Futures Trading Commission, has announced that the agency will be working on regulations requiring the derivatives market to exercise more due diligence of third-party service providers.
This is in response to the increasing number of cyber attacks targeting financial institutions that rely on third-party service providers for critical IT services. Cyber criminals often target third-party service providers as a way to gain access to the IT systems of financial institutions.
By requiring the derivatives market to exercise more due diligence of third-party service providers, the US Commodity Futures Trading Commission aims to reduce the risk of cyber attacks targeting financial institutions. This is an important step towards improving cyber security in the financial sector, and could help to prevent future cyber attacks like the LockBit ransomware attack against ION Cleared Derivatives.
Such incidents have prompted other regulators to take active measures to counter various cyberthreats. Following the ION hack, Rostin Behnam, the chairman of the US Commodity Futures Trading Commission, said that the agency will be working on regulations requiring the derivatives market to exercise more due diligence of third-party service providers.