RegionsEEAEU says banks must declare cyber security breaches

EU says banks must declare cyber security breaches

European banks will be forced to reveal any cybersecurity breaches in future under proposed European Central Bank regulation.

European banks supervised by the European Central Bank (ECB) will be forced to reveal any cybersecurity breaches as of this summer.

The announcement was made on Monday by Sabine Lautenschlaeger, a member of the ECB’s executive board.

It is not yet clear what the penalty will be if a bank fails to notify the ECB about a significant breach.

American companies are already required to follow the procedure and US banks are known for having higher cybersecurity defences than their European counterparts.

Derek Taylor, compliance and regulatory consulting managing director at advisory firm Duff & Phelps, said that to date there is little cybersecurity legislation directed at European financial services firms.

“US banks have stolen a significant march on British and European firms when strengthening their cyber defences in the last year. US investment in cyber defence strategies has largely been driven by recent regulatory developments across the pond,” said Taylor.

“In particular, the Commodities and Futures Trading Committee (CFTC) and the New York state financial regulator have both outlined extremely detailed cyber security legislation directed at the country’s financial services sector.”

The previous lack of cyber security regulation directed at European financial services means that some companies may be behind best practice in this area. Lautenschlaeger’s announcement seems to recognise this discrepancy which Taylor said is “a welcome step forward in ensuring future transparency”.

The announcement comes as the EU prepares for the General Data Protection Regulations (GDPR), which are due to come into effect in May 2018.

Cyber security is becoming an increasingly prominent topic among executives as the UK’s National Health Service (NHS) was among a number of institutions worldwide that suffered a cyber attack last month.

The central banks of Russia and Bangladesh were also both targeted by hackers in 2016, the latter suffering a heist in which it lost US$81m.

Related Articles

10 weeks to PSD2 implementation: What you need to know

Banking 10 weeks to PSD2 implementation: What you need to know

5m Alex Hammond
The future of banking: it’s all about sharing

Automation The future of banking: it’s all about sharing

8m Edward Berks
A ‘wait and see’ approach won’t work: US businesses must prepare for GDPR

Bank Relationships A ‘wait and see’ approach won’t work: US businesses must prepare for GDPR

8m Patrick Lastennet
The death of the password: biometric banking

Automation The death of the password: biometric banking

8m Paul Sheldon Foote
The insecurity of fraud victims in the fight against cyber-assailants

Bank Relationships The insecurity of fraud victims in the fight against cyber-assailants

8m Keiron Dalton
Achieving a head start in the API economy

Asia Pacific Achieving a head start in the API economy

9m Venky Srinivasan
Towards the bank of tomorrow

Automation Towards the bank of tomorrow

9m James Kipling
Banks must up capital reserves says BoE Financial Stability Report

Bank Relationships Banks must up capital reserves says BoE Financial Stability Report

10m Victoria Beckett