Cyber incidents are growing rapidly in frequency and sophistication, underlining the importance of strong cyber risk safeguards. At the same time, the cyber threat landscape is expanding amid digital transformation, increased dependencies on third-party service providers and geopolitical tensions. Growing interconnectedness of the financial system increases the likelihood of a cyber incident at one financial institution, or an incident at one of its third-party service providers, having spill-over effects across borders and sectors.

Timely and accurate information on cyber incidents is crucial for effective incident response and recovery and for promoting financial stability. Recognising this, the G20 asked the FSB to deliver a report on achieving greater convergence in cyber incident reporting.

To inform its work, the FSB conducted a survey of FSB members to: identify the most common reporting objectives and types of reporting performed; understand the practical issues financial authorities and financial institutions have in collecting or using incident information; identify the information items authorities collect to meet the common reporting objectives, and explore the mechanisms for financial authorities to share incident information across borders and sectors.

This consultative document:

  • Sets out recommendations to address impediments to achieving greater convergence in cyber incident reporting with a view to promote better practices;

  • Advances work to develop common terminologies around cyber; and

  • Proposes the development of a format for incident reporting exchange (FIRE) to promote convergence, address operational challenges arising from reporting to multiple authorities and foster better communication.

The FSB is inviting feedback on this consultative document, in particular on the questions set out in the report (a Word template is available here). Responses should be sent to [email protected] by 31 December 2022 with the subject line ‘CIR Convergence’. Responses will be published on the FSB’s website unless respondents expressly request otherwise.