In his opening remarks at the Euro Cyber Resilience Board’s ninth meeting, ECB Executive Board Member Piero Cipollone emphasized the escalating cyber threats to global security, particularly affecting the European financial system. He noted the underreported nature of cyberattacks and their estimated global cost exceeding $200 billion.
The Euro Cyber Resilience Board (ECRB) serves as a vital platform for collaboration among pan-European financial infrastructures, service providers, central bank overseers, and European authorities. This forum facilitates strategic discussions on cyber risks and sharing of sensitive information, enhancing the resilience of Europe’s financial system.
Cipollone cited a recent incident where the US SEC’s social media account was hacked, causing a temporary spike in cryptocurrency prices, including Bitcoin. This incident underscores the potential for cyberattacks to manipulate market narratives for financial gain.
The ECRB’s role in consolidating cybersecurity efforts is crucial. The Cyber Information and Intelligence Sharing Initiative (CIISI-EU) of the ECRB helps in anticipating and preparing for future cyber threats. Sharing best practices and adhering to common standards improves protection against such threats.
The current cyber threat landscape
Focusing on increasing cyberattacks on financial institutions and service providers. He highlighted the rise in aggressive cyber threats, including ransomware attacks, and the influence of geopolitical conflicts.
He emphasized two major threat areas: the global threat of ransomware attacks, exemplified by the attack on the Industrial and Commercial Bank of China, and the need for robust risk management against third-party service dependencies, as outlined by the Financial Stability Board.
The ECRB has prioritized supply chain risk management, urging financial entities to conduct due diligence and monitor third-party service providers. The EU’s new regulation on digital operational resilience (DORA) addresses critical ICT third-party providers and creates a pan-European forum for oversight.
Cipollone also addressed the impact of new technologies like AI and quantum computing on cybersecurity, noting both their potential benefits and risks.
The ECB’s cyber resilience surveys of financial market infrastructures are key to assessing and addressing sector-wide vulnerabilities. The correlation between strong governance and cyber resilience was highlighted.
He emphasized the importance of reporting and disclosing cyber incidents, advocating for transparent communication to stakeholders and the public. Trusted groups like CIISI-EU aid in analyzing and learning from cyber threats.
Cipollone stressed the systemic risk posed by malfunctioning financial market infrastructures and the need for a systemic, collaborative approach to cybersecurity. As the new chair of the ECRB, he expressed his commitment to enhancing Europe’s financial sector’s cyber resilience, recognizing cybersecurity as a collective responsibility and a global threat.