Enhancing cyber resilience is a key element of the FSB’s work programme to promote financial stability. Cyber incidents pose a threat to the stability of the global financial system. A significant cyber incident, if not properly contained, could seriously disrupt the financial system, including critical financial infrastructure, leading to broader financial stability implications. The FSB has undertaken a series of actions to address cyber risks:
Effective practices for cyber incident response and recovery
Efficient and effective response to and recovery from a cyber incident is essential to limiting any related financial stability risks. Such risks could arise, for example, from interconnected information technology systems between multiple financial institutions or between financial institutions and third-party service providers.
In October 2020 the FSB published a toolkit to promote effective practices for financial institutions’ cyber incident response and recovery. The toolkit is structured across seven components, and includes 49 effective practices. The FSB encourages authorities and organisations to use the toolkit to enhance their response and recovery activities.
In 2018 the FSB published a Cyber Lexicon that comprises approximately 50 core terms related to cyber security and cyber resilience in the financial sector. It is intended to support the work of the FSB, standard-setting bodies, authorities and private sector participants, e.g. financial institutions and international standards organisations, to address financial sector cyber resilience.
In 2017 the FSB published a stocktake on cyber security regulations, guidance and supervisory practices of its member jurisdictions. This work identified, among other things, a need to enhance communication between authorities and the private sector. The stocktake identified further areas for collaboration amongst FSB members.