Despite the maturity of the Netherlands’ cyber resilience practices, the interconnectedness of the financial system and the continued evolution of cyber threats calls for a continued focus and further enhancements.
The Netherlands has made significant progress in enhancing cyber resilience within its financial sector, reflecting its strong commitment over many years. It has developed several market leading practices such as the Threat Intelligence-Based Ethical Red-teaming (TIBER) and Advanced Red Teaming (ART) frameworks. Dutch authorities and government agencies demonstrate high levels of cooperation and information sharing with each other and with the industry. Industry actively contributes to the comprehensive gathering and sharing of threat intelligence, and a national-level crisis-management structure brings together financial authorities to ensure coordination and collaboration during major operational disruptions.
Despite the maturity of the Netherlands’ cyber resilience practices, the interconnectedness of the financial system and the continued evolution of cyber threats calls for a continued focus and further enhancements. The FSB recommends that:
- Dutch authorities regularly review the purpose and membership of the groups established for information sharing with the industry to ensure they remain efficient and effective, and explore ways to enable rapid information sharing during a crisis;
- De Nederlandsche Bank (DNB) continues to support the take-up of ART testing by developing strategies to ensure more financial entities are sufficiently mature to conduct a form of cyber resilience / red teaming testing such as ART;
- Dutch authorities continue efforts to establish national analysis of existing registers of information to identify critical third-party providers in the Netherlands, assess concentration risks and define a strategy to address domestically critical third parties.