- 109 ECB-supervised banks to be stress tested on cyberattack response and recovery
- Scenario assumes banks hit by successful cyberattack that disrupts their daily operations
- Supervisors to discuss findings with each bank during regular supervisory review process
The European Central Bank (ECB) will conduct a cyber resilience stress test on 109 directly supervised banks in 2024. The exercise will assess how banks respond to and recover from a cyberattack, rather than their ability to prevent it.
Under the stress test scenario, the cyberattack succeeds in disrupting the bank’s daily business operations. Banks will then test their response and recovery measures, including activating emergency procedures and contingency plans and restoring normal operations. Supervisors will subsequently assess the extent to which banks can cope under such a scenario.
As part of the exercise, 28 banks will undergo an enhanced assessment for which they will submit additional information on how they coped with the cyberattack. This sample covers different business models and geographies to provide a meaningful reflection of the euro area banking system and ensure there is efficient coordination with other supervisory activities.