All banks regulated by the European Central Bank (ECB) will be forced to reveal all major cyber security breaches, according to one of the supervisor’s bosses.
Starting this summer, banks directly supervised by the ECB will have to "report all significant cyber incidents", said Sabine Lautenschlaeger, a member of the ECB’s executive board.
At a speech in Frankfurt, she said: “This will help us to assess more objectively how many incidents there are and how cyber threats evolve. It will also help us to identify vulnerabilities and common pitfalls.”
The ECB will also continue to perform regular “thematic reviews” on cyber security and outsourcing arrangements, a common weak link exploited in big cyber attacks.
Attacks on information technology have risen rapidly up the agenda for banking supervisors and bank bosses alike, although just less than half of banks listed cyber security as a top-three concern, according to a January report by EY and the Institute of International Finance.
However, the rapid spread of the Wannacry virus, which disabled institutions around the world including many National Health Service computers in the UK, has increased the prominence of cyber security among executives still further.
The Russian central bank was one of the other institutions hit by that attack, while a hack of the Bangladeshi central bank last year resulted in the theft of $80m (£63m) via the Swift interbank payments system.
That led to urgent upgrades of the payment system, which is one of the world’s key financial infrastructures, to combat fraud.