Despite having frameworks to respond to cyberattacks, European banks still have cybersecurity weaknesses to address, according to the results of a cyber resilience stress test by the European Central Bank (ECB).
The stress test, launched in January, included exposing banks to a fictional scenario whereby the databases of core systems were severely disrupted. The test focused on the banks' response and recovery from a cyberattack, as opposed to frameworks for their prevention.
Overall, the test revealed that "high-level response and recovery frameworks are in place," affirmed Anneli Tuominen, a Member of the ECB's Supervisory Board. Nonetheless, Tuominem emphasised that there is still "room for improvement."
The ECB member further highlighted the importance of preparing for cyberattacks considering the increased digitisation of the financial sector and the growing geopolitical tensions that have left financial systems exposed to such threats.
The dangers of potential cyberattacks are further escalated by the "interconnected nature of today's banking networks," explained Tuominen. She used the recent global CrowdStrike incident to exemplify the "cascading effects" of a cyber incident in a single institution.
The stress test included the participation of 109 banks, which were under the ECB's direct supervision at the start of the test. A sample of 28 banks faced a more extensive testing procedure. Individual feedback was given to each bank.
The ECB did not specify the names of the banks, but stated that they were reflective of the "wider euro area banking system."
