On 17 October 2022, the Financial Stability Board (FSB) published a consultative document on Achieving Greater Convergence in Cyber Incident Reporting (CIR). In parallel, the FSB invited feedback on this document. The FSB had already published a report on CIR in 2021. That report set out three ways the FSB would take work forward to achieve greater convergence in cyber incident reporting: developing best practices, creating common terminologies for CIR, and identifying common types of information to be shared across jurisdictions and sectors.
To inform its work, the FSB conducted a survey among FSB members to identify the most common reporting objectives and types of reporting performed; understand the practical issues financial authorities and financial institutions have in collecting or using incident information; identify the information items authorities collect to meet the common reporting objectives, including a review of existing incident reporting templates; and explore the mechanisms for financial authorities to share incident information across borders and sectors.
Drawing on the survey findings, the FSB has set out recommendations to address impediments to achieving greater convergence in CIR, with a view to promoting better practices. This work also helped to inform refinements to the Cyber Lexicon, which resulted in the addition of four terms and the revision of three definitions. The FSB also reviewed financial authorities’ incident reporting templates and identified commonalities in the information collected. Building on this work, the FSB presented a concept for a format for incident reporting exchange (FIRE) to promote convergence, address operational challenges arising from reporting to multiple authorities, and foster better communication.
In response to this initiative, WSBI-ESBG replied to the call for feedback on the consultative document on cyber incident reporting, in particular calling for a harmonised reporting approach between different regulatory bodies, processes, and data requests. To promote greater convergence in CIR, financial authorities could offer tools and platforms that minimise operational issues in the reporting of incidents.
Finally, members underlined the importance of having clear definitions to avoid confusion and to differentiate between the term ‘cyber incident’ and its subcategory ‘cybersecurity incident’.