Enhancing cyber resilience is a key element of the FSB’s work programme to promote financial stability. Cyber incidents pose a threat to the stability of the global financial system. A significant cyber incident, if not properly contained, could seriously disrupt the financial system, including critical financial infrastructure, leading to broader financial stability implications. The FSB has undertaken a series of actions to address cyber risks:
Cyber incident reporting
Cyber incidents remain a threat to the financial system and are rapidly growing in frequency and sophistication. Recognising that information on cyber incidents is crucial for effective incident response and recovery and for promoting financial stability, the FSB explored ways to promote greater convergence in cyber incident reporting. In October 2021, the FSB published a report that set out three ways to achieve greater convergence in cyber incident reporting.
In response to a G20 call, the FSB has issued a consultative report with proposals for achieving greater convergence in cyber incident reporting. The consultative document takes a comprehensive approach. It includes recommendations to address impediments to convergence, advances work on establishing common terminologies related to cyber incidents and proposes the development of a common format for incident reporting exchange. The FSB will use the feedback from the consultation to issue a final report in 2023.
Effective practices for cyber incident response and recovery
Efficient and effective response to and recovery from a cyber incident is essential to limiting any related financial stability risks. Such risks could arise, for example, from interconnected information technology systems between multiple financial institutions or between financial institutions and third-party service providers.
In October 2020 the FSB published a toolkit to promote effective practices for financial institutions’ cyber incident response and recovery. The toolkit is structured across seven components and includes 49 effective practices. The FSB encourages authorities and organisations to use the toolkit to enhance their response and recovery activities.
In 2018 the FSB published a Cyber Lexicon that comprises approximately 50 core terms related to cyber security and cyber resilience in the financial sector. It is intended to support the work of the FSB, standard-setting bodies, authorities and private sector participants, e.g. financial institutions and international standards organisations, to address financial sector cyber resilience.
In 2017 the FSB published a stocktake on cyber security regulations, guidance and supervisory practices of its member jurisdictions. This work identified, among other things, a need to enhance communication between authorities and the private sector. The stocktake identified further areas for collaboration amongst FSB members.