FSB proposes comprehensive approach to harmonise cyber incident reporting

The Financial Stability Board (FSB) has published a report outlining recommendations to achieve greater harmonisation in cyber incident reporting, as cyber incidents become more frequent and sophisticated.

The interconnectedness of the global financial system means that a cyber incident at one financial institution could have spillover effects across borders and sectors.

In response, many jurisdictions have introduced cyber incident reporting requirements for financial institutions to promote financial stability and facilitate effective policy responses.

However, significant differences have emerged in the requirements and practices associated with cyber incident reporting over the last decade.

The G20 requested that the FSB deliver a report on achieving greater convergence in cyber incident reporting, recognising the importance of timely and accurate information on such incidents for effective response and recovery, as well as financial stability.

To address this challenge, the FSB has taken a three-pronged approach:

  1. Developing recommendations to address the issues identified as barriers to achieving greater harmonisation in cyber incident reporting. Financial authorities and institutions can adopt these recommendations as appropriate and relevant, consistent with their legal and regulatory frameworks.
  2. Expanding the Cyber Lexicon to include additional terms related to cyber incident reporting, as a “common language” is necessary for increased convergence.
  3. Identifying common types of information submitted by financial institutions to authorities for cyber incident reporting purposes, resulting in a concept for a common format for incident reporting exchange (FIRE) to collect and share incident information among authorities.

These initiatives aim to promote cyber resilience as the threat landscape grows increasingly complex.
