The Eurosystem’s cyber resilience strategy for financial market infrastructures

Following the financial crisis, legislation and standards aimed at improving capitalisation and liquidity, risk management, recovery and resolution have made the financial system safer and more resilient than it was 10 years ago. At the same time, however, digitalisation and globalisation have not only opened up new opportunities for individuals and businesses to obtain information, conduct business and communicate, but also enabled cybercriminals to conduct ever more sophisticated, targeted and destructive cyberattacks. Against this background, the Eurosystem — in its function as overseer — launched a strategy for cyber resilience of financial market infrastructures. This paper gives an insight into the Eurosystem’s strategy for ensuring cyber resilience in financial market infrastructures, which is embedded in an evolving universe of cyber-related legislation, standardisation and guidance in the EU and at international level. The aim of the Eurosystem’s cyber resilience strategy is to improve the cyber resilience of the EU’s financial ecosystem by enhancing individual financial market infrastructures’ readiness and by fostering sectoral resilience and collaboration, in the context of increasing interdependencies, vulnerabilities and threats. It consists of three pillars: financial market infrastructure readiness, sector resilience and strategic regulator–industry engagement. Overall, it is recognised that maintaining and improving cyber resilience is only possible if governments/government agencies, public authorities, committees and market actors adopt joint approaches, eg by agreeing and standardising common frameworks. At the same time, the responsibility to ensure cyber resilience is and stays with each and every financial institution and financial market infrastructure.