EU says banks must declare cyber security breaches
European banks will be forced to reveal any cybersecurity breaches in future under proposed European Central Bank regulation.
European banks will be forced to reveal any cybersecurity breaches in future under proposed European Central Bank regulation.
European banks supervised by the European Central Bank (ECB) will be forced to reveal any cybersecurity breaches as of this summer.
The announcement was made on Monday by Sabine Lautenschlaeger, a member of the ECB’s executive board.
It is not yet clear what the penalty will be if a bank fails to notify the ECB about a significant breach.
American companies are already required to follow the procedure and US banks are known for having higher cybersecurity defences than their European counterparts.
Derek Taylor, compliance and regulatory consulting managing director at advisory firm Duff & Phelps, said that to date there is little cybersecurity legislation directed at European financial services firms.
“US banks have stolen a significant march on British and European firms when strengthening their cyber defences in the last year. US investment in cyber defence strategies has largely been driven by recent regulatory developments across the pond,” said Taylor.
“In particular, the Commodities and Futures Trading Committee (CFTC) and the New York state financial regulator have both outlined extremely detailed cyber security legislation directed at the country’s financial services sector.”
The previous lack of cyber security regulation directed at European financial services means that some companies may be behind best practice in this area. Lautenschlaeger’s announcement seems to recognise this discrepancy which Taylor said is “a welcome step forward in ensuring future transparency”.
The announcement comes as the EU prepares for the General Data Protection Regulations (GDPR), which are due to come into effect in May 2018.
Cyber security is becoming an increasingly prominent topic among executives as the UK’s National Health Service (NHS) was among a number of institutions worldwide that suffered a cyber attack last month.
The central banks of Russia and Bangladesh were also both targeted by hackers in 2016, the latter suffering a heist in which it lost US$81m.