The Financial Stability Board (FSB) published a consultative document on “Achieving Greater Convergence in Cyber Incident Reporting”. Timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability.
The proposals take a comprehensive approach and include:
- Recommendations to address the challenges to achieving greater convergence in cyber incident reporting. Drawing on the experience of financial authorities and engagement with financial institutions, the FSB has set out 16 recommendations to address the practical issues associated with the collection of cyber incident information from financial institutions and the onward sharing between financial authorities.
- Further work on establishing common terminologies related to cyber incidents. A key instrument for achieving convergence in cyber incident reporting is the use of a common language. In particular, a common definition and understanding for what constitutes a ‘cyber incident’ is needed that avoids the over reporting of incidents that are not meaningful for financial authorities or financial stability.
- Proposal to develop of a common format for incident reporting exchange (FIRE). A review of incident reporting templates and stocktake of authorities’ cyber incident reporting regimes indicated a high degree of commonality in the information requirements for cyber incident reports. Building on these commonalities, the FSB proposes the development of a common reporting format that could be further considered among financial institutions and financial authorities.