The Financial Stability Board (FSB) published a report with recommendations to achieve greater convergence in cyber incident reporting.
Cyber incidents are rapidly growing in frequency and sophistication. The interconnectedness of the global financial system makes it possible that a cyber incident at one financial institution (or an incident at one of its third-party service providers) could have spill-over effects across borders and sectors.
In many jurisdictions, financial authorities have introduced cyber incident reporting requirements for financial institutions, which are crucial for effective policy response and promoting financial stability. Over the last decade, however, meaningful differences have and continue to emerge in the requirements and practices associated with cyber incident reporting.
Recognizing that timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability, the G20 asked the FSB to deliver a report on achieving greater convergence in cyber incident reporting.
The FSB conducted work to promote greater convergence in cyber incident reporting in three ways:
- Setting out recommendations to address the issues identified as impediments to achieving greater harmonization in cyber incident reporting. Financial authorities and institutions can choose to adopt these recommendations as appropriate and relevant, consistent with their legal and regulatory framework.
- Enhancing the cyber lexicon to include additional terms related to cyber incident reporting, as a ‘common language’ is necessary for increased convergence.
- Identifying common types of information that are submitted by financial institutions to authorities for cyber incident reporting purposes, which culminated in a concept for a common format for incident reporting exchange (FIRE) to collect incident information from financial institutions and use between themselves.
These initiatives will help to promote cyber resilience as the threat landscape becomes increasingly more complex.