Cyber incidents pose a threat to the stability of the global financial system, and the remote working environments in light of the COVID-19 pandemic have heightened the need for attention. A significant cyber incident, if not properly contained, could seriously disrupt the financial system, including critical financial infrastructure, leading to broader financial stability implications. Efficient and effective response to and recovery from a cyber incident is essential to limiting any related financial stability risks. Such risks could arise, for example, from interconnected information technology systems between multiple financial institutions or between financial institutions and third-party service providers from loss of confidence in a major financial institution or group of financial institutions, or from impacts on capital arising from losses due to the incident. The cyber resilience of organisations is crucial for the smooth functioning of the financial system and in engendering financial stability.

Enhancing cyber incident response and recovery at organisations is an important focus for national authorities. National authorities are in a unique position to gain insights on effective cyber incident response and recovery activities in financial institutions from their supervisory work, and their observations across multiple organisations can help suggest areas for enhancement. Authorities also have an important role to play in responding to cyber incidents that present potential risks to financial stability. Authorities may also, as appropriate, support organisations in sharing information to protect against threats that could have a detrimental impact on financial stability.

The toolkit includes 49 practices for effective cyber incident response and recovery across seven components: (i) governance, (ii) planning and preparation, (iii) analysis, (iv) mitigation, (v) restoration and recovery, (vi) coordination and communication, and (vii) improvement. The final toolkit draws on the feedback from a public consultation process, including four virtual outreach meetings. The report was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting.

This final version of the toolkit drew on feedback provided during a public consultation, including four virtual stakeholder workshops. The report was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting.