Press enquiries:
+41 61 280 8477
Ref: 27/2021

The Financial Stability Board (FSB) today published a report on existing approaches to cyber incident reporting and next steps for broader convergence.

Cyber incidents remain a threat to the financial system and are rapidly growing in frequency and sophistication. In light of increasing financial stability concerns, especially given the digitalisation of financial services and increased use of third-party service providers, the FSB explored whether harmonisation in cyber incident reporting could be achieved.

The FSB found that fragmentation exists across sectors and jurisdictions in the scope of what should be reported for a cyber incident; methodologies to measure severity and impact of an incident; timeframes for reporting cyber incidents; and how cyber incident information is used. This fragmentation could undermine a financial institution’s response and recovery actions, and underscores a need to address constraints in information-sharing among financial authorities and financial institutions.

The report notes that greater harmonisation of regulatory reporting of cyber incidents would promote financial stability by: (i) building a common understanding, and the monitoring, of cyber incidents affecting financial institutions and the financial system; (ii) supporting effective supervision of cyber risks at financial institutions; and (iii) facilitating the coordination and sharing of information amongst authorities across sectors and jurisdictions.

The FSB has identified three ways that it will take work forward to achieve greater convergence in cyber incident reporting:

  • Develop best practices. Identify a minimum set of information related to cyber incidents that financial authorities may require to promote financial stability.

  • Identify common types of information to be shared. This would help authorities better understand impacts of a cyber incident across sectors and jurisdictions, and to understand any legal and operational impediments to sharing such information.

  • Create common terminologies for cyber incident reporting. Further work on cyber incidents will be underpinned by a common language, including a common definition for ‘cyber incident’.

By end-2021, the FSB will develop a detailed plan for taking this work forward.

Notes to editors

G20 Finance Ministers and Central Bank Governors in their 13 October 2021 communiqué welcomed this FSB Report on Cyber Incident Reporting and said that they will work to achieve greater convergence in this area.

The FSB coordinates at the international level the work of national financial authorities and international standard-setting bodies and develops and promotes the implementation of effective regulatory, supervisory, and other financial sector policies in the interest of financial stability. It brings together national authorities responsible for financial stability in 24 countries and jurisdictions, international financial institutions, sector-specific international groupings of regulators and supervisors, and committees of central bank experts. The FSB also conducts outreach with approximately 70 other jurisdictions through its six Regional Consultative Groups.

The FSB is chaired by Randal K. Quarles, Governor, US Federal Reserve; its Vice Chair is Klaas Knot, President of De Nederlandsche Bank. The FSB Secretariat is located in Basel, Switzerland, and hosted by the Bank for International Settlements.