The European Central Bank (ECB) plans to test the cyber resilience of the euro zone's leading banks in the face of rising incidents of cyberattacks.

The move comes as banks are increasingly outsourcing business functions of their critical IT infrastructure. This has been prompted by efforts to reduce overhead costs, enhance operational efficiencies, and improve services.

However, banks can be cut off from counterparties quickly, including through sanctions, leaving them vulnerable and the results of the ECB tests will be known by the middle of 2024.

In America, the Federal Reserve already conducts regular “joint cyber security examinations” of the biggest US banks with other relevant authorities.

The ECB has made its stance clear stating: “The risk of cyberattacks is further accentuated by the high reliance of the financial system on digital technologies, the difficulty to protect against fast changing threats and because they are borderless.

“It is therefore essential that banks, other financial institutions and financial market infrastructures, as well as central banks like the ECB, have an adequate level of cyber resilience to ensure their own protection as well as that of the entire ecosystem.

“All significant institutions from the 19 euro area countries are required to report significant cyber incidents within two hours of classifying the incident as significant.”

The threat of cyberattacks has risen following Russia's invasion of Ukraine and subsequent sanctions, ECB supervisory chief Andrea Enria told a Lithuanian newspaper.

"Next year we are launching a thematic stress test on cyber resilience, which will try to test how banks are able to respond to and recover from a successful cyberattack," Enria told Verslo žinios.

"There has been a significant increase in cyberattacks. We cannot apportion this to any specific source, but it is a fact that the number of these attacks has increased since the war started."

A ransomware attack on Ion Markets, an Ireland-based financial data provider, disrupted areas of the derivatives market this year. The attack was claimed by LockBit, a group believed to be based in Russia, that recently attacked Royal Mail in the UK.

Businesses wanting to avoid the risks to their balance sheet and reputation, should contact a specialist Cyber Insurance Broker to procure a Specialist Broad Form Cyber Insurance Policy. We highly encourage these to avoid ambiguity over coverage and secure protection and relevant cover, as well as pre event cyber risk management together with claims management support.

Cyber is one class of insurance which W Denis arranges for Financial Institutions, along with other Civil Professional Liability and Directors & Officers Liability. Contact Vida Jarašiūnaitė Vida.Jarasiunaite@wdenis.eu or Mark Dutton mark.dutton@wdenis.com for more information.