The Financial Stability Board (FSB) published a toolkit of effective practices for financial institutions’ cyber incident response and recovery.
Cyber incidents pose a threat to the stability of the global financial system, and the remote working environments in light of the COVID-19 pandemic have heightened the need for attention. A significant cyber incident, if not properly contained, could seriously disrupt the financial system, including critical financial infrastructure, leading to broader financial stability implications.
Financial stability risks could arise, for example, from interconnected information technology systems between multiple financial institutions or between financial institutions and third-party service providers from loss of confidence in a major financial institution or group of financial institutions, or from impacts on capital arising from losses due to the incident.
The toolkit includes 49 practices for effective cyber incident response and recovery across seven components: (i) governance, (ii) planning and preparation, (iii) analysis, (iv) mitigation, (v) restoration and recovery, (vi) coordination and communication, and (vii) improvement. The final toolkit draws on the feedback from a public consultation process, including four virtual outreach meetings. The report was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting.