The European Central Bank (ECB) will commence a cyber resilience stress test on 109 ECB-supervised banks in 2024. The ECB has revealed in a press release that the exercise will create a scenario that assumes the banks have been “hit by a successful cyberattack that disrupts their daily operations”. The aim is to assess “how banks respond to and recover from a cyberattack, rather than their ability to prevent it”.
Banks will be tested on their response and recovery measures, including the activation of their emergency procedures and contingency plans, as well as the restoration of normal operations. Supervisors will assess “the extent to which banks can cope under such a scenario” and discuss their findings with the banks during the 2024 Supervisory Review and Evaluation Process. Findings from the exercise will be communicated in summer this year while insights will be used for wider supervisory assessment.
In addition, 28 of the participating banks will “undergo an enhanced assessment” where they submit additional information on how they coped with the cyberattack. This sample of 28 will cover “different business models and geographies to provide a meaningful reflection of the euro area banking system and ensure there is efficient coordination with other supervisory activities”.
