Stress test: ECB: Banks need to improve their cyber-attack response

According to the European Central Bank (ECB), banks in the eurozone need to be even better prepared to deal with cyber attacks. The ECB has used a stress test scenario to test how banks react to hacker attacks and how they can restart their business operations afterwards.

“Overall, the stress test showed that banks have response and recovery frameworks in place, but there is still room for improvement in some areas,” the central bank in Frankfurt said.

No details were given. The results obtained in the stress test will be incorporated into the annual bank audit. The ECB has been directly supervising the leading banks in the eurozone since November 2014. 109 banks directly supervised by the ECB took part in the cyber stress test, and 28 institutions were tested more extensively.

Huge amounts of data in banks’ IT systems attract criminals

The ECB’s investigation started in January 2024 and was based on a fictitious stress test scenario in which all preventive measures fail and the databases of the respective bank’s core systems are severely affected by a cyber attack. According to the ECB, the stress test was primarily about how banks respond to and recover from a cyber attack, not how they prevent it.

The huge amounts of data in banks’ IT systems continue to attract criminals. According to previous information, the ECB supervisory authority has recently registered more cyber attacks than before the corona pandemic.

Since the financial and economic crisis of 2008/2009, supervisors have been regularly using stress tests to check how vulnerable banks’ business models would be in the event of a crisis. They must calculate scenarios and prove that they would have enough capital to continue their business even under adverse circumstances – an economic downturn, a collapse in real estate prices or increasing loan defaults. If this is not the case, the supervisor demands larger capital buffers.