Author
Listed:
- Bouyon, Sylvain
- Krause, Simon
Abstract
In the midst of several large cyberattacks in 2017, the European Commission adopted its multi-sector cybersecurity package in September of that same year. Whereas this initiative can be expected to contribute to strengthening the cyber-resilience and response of EU financial firms, several policy issues and unanswered questions remain. In order to analyse the issues that are considered to be relevant to financial fields (retail banking, corporate banking, capital markets, financial infrastructure and insurance), CEPS-ECRI organised a Task Force between September 2017 and May 2018 with a group of experts from the financial industry, tech industry, national supervisors and European institutions, as well from a consumer association and a law firm. In this Final Report, the Task Force members identify the following nine policy issues that need to be further addressed in order to bolster the financial industry�s cyber-resilience against current and future threats. Main policy recommendations 1. Convergence in the taxonomies of cyber-incidents is needed. 2. The framework for incident reporting needs to be significantly improved to fully contribute to the cyber-resilience of financial firms. 3. Authorities should assess how and to what extent the data held by the centralised hub should be shared with supervisors, firms and clients. 4. Ambitious policies are needed to develop consistent, reliable and exploitable statistics on cyber-trends. 5. Best practices for cyber-hygiene should be continuously enhanced by regulators and supervisors. 6. The European Cybersecurity Certification Scheme needs to be strengthened to contribute better to cybersecurity, cyber-risk management and capability. 7. In order to improve the processes of attribution and extradition, the reinforcement of cross-border cooperation and legal convergence remains a priority, both within the EU and more widely. 8. Best practices in remedies in case of cyberattacks need to be further encouraged. 9. Policy-makers should further assess the pros, cons and feasibility of creating an emergency fund in case of large cyberattacks.
Suggested Citation
Bouyon, Sylvain & Krause, Simon, 2018.
"Cybersecurity in Finance: Getting the policy mix right!,"
ECRI Papers
13703, Centre for European Policy Studies.
Handle:
RePEc:eps:ecriwp:13703
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eps:ecriwp:13703. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Margarita Minkova (email available below). General contact details of provider: https://edirc.repec.org/data/cepssbe.html .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/p/eps/ecriwp/13703.html
