FSB consults on effective practices for cyber incident response and recovery
20 April 2020
+41 61 280 8138
Ref no: 13/2020
The Financial Stability Board (FSB) today published a consultation report on Effective Practices for Cyber Incident Response and Recovery, which was sent to G20 Finance Ministers and Central Bank Governors for their virtual meeting on 15 April. The toolkit of effective practices aims to assist financial institutions in their cyber incident response and recovery activities.
Cyber incidents pose a threat to the stability of the global financial system. In recent years, there have been a number of major cyber incidents that have significantly impacted financial institutions and the ecosystems in which they operate. A major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.
Efficient and effective response to and recovery from a cyber incident by organisations in the financial ecosystem are essential to limiting any related financial stability risks. Such risks could arise, for example, from interconnected information technology systems between multiple financial institutions or between financial institutions and third-party service providers, from loss of confidence in a major financial institution or group of financial institutions, or from impacts on capital arising from losses due to the incident. The toolkit lists 46 effective practices, structured across seven components:
Governance – frames how cyber incident response and recovery is organised and managed.
Preparation – to establish and maintain capabilities to respond to cyber incidents, and to restore critical functions, processes, activities, systems and data affected by cyber incidents to normal operations.
Analysis – to ensure effective response and recovery activities, including forensic analysis, and to determine the severity, impact and root cause of the cyber incident to drive appropriate response and recovery activities.
Mitigation – to prevent the aggravation of the situation and eradicate cyber threats in a timely manner to alleviate their impact on business operations and services.
Restoration – to repair and restore systems or assets affected by a cyber incident to safely resume business-as-usual delivery of impacted services.
Improvement – to establish processes to improve response and recovery capabilities through lessons learnt from past cyber incidents and from proactive tools, such as tabletop exercises, tests and drills.
Coordination and communication – to coordinate with stakeholders to maintain good cyber situational awareness and enhance the cyber resilience of the ecosystem.
The FSB welcomes comments and responses to the questions set out in the consultation report by Monday 20 July 2020. The final toolkit, taking on board the feedback from this public consultation, will be sent to the October G20 Finance Ministers and Central Bank Governors meeting and published.
Notes to editors
The FSB coordinates at the international level the work of national financial authorities and international standard-setting bodies and develops and promotes the implementation of effective regulatory, supervisory, and other financial sector policies in the interest of financial stability. It brings together national authorities responsible for financial stability in 24 countries and jurisdictions, international financial institutions, sector-specific international groupings of regulators and supervisors, and committees of central bank experts. The FSB also conducts outreach with approximately 70 other jurisdictions through its six Regional Consultative Groups.
The FSB is chaired by Randal K. Quarles, Vice Chairman, US Federal Reserve; its Vice Chair is Klaas Knot, President of De Nederlandsche Bank. The FSB Secretariat is located in Basel, Switzerland, and hosted by the Bank for International Settlements.