Connect with us


ECB supervisors are onsite, testing Bank of Ireland’s ability to recover after cyber attack



The inspection is not related to the bank’s high-profile tech outage last year, which saw thousands of customers queuing to withdraw cash during an outage. That meant customers could overdraw on their accounts without authorisation.

The visit is is being done as part of a wider so-called thematic stress test, to assess how well the Euro areas’ 109 biggest and most important banks can bounce back from a successful major cyber attack.

Only a subset of 28 banks are being targeted for the most intensive probes, and the site visit indicated Bank of Ireland is among this group.

‘The exercise tests how banks respond to a cyber attack, not their ability to prevent it’

Other leading banks will be assessed at arms’ length – but supervisors will have access to their technological specifications and crisis response protocols.

The findings will be unveiled in the summer. Bank-specific results will be discussed in the ECB’s 2024 supervisory review and evaluation process.

The stress testing of banks’ ability to recover from a possible cyber attack is outside of the ECB’s regular stress testing of banks’ ability to cope financially with a possible economic crisis.

Those stress tests take place every other year, with one-off thematic inspections, such as the cyber resilience probe, happening in between.

The ECB announced its plans for the cyber probe in the wake of Russia’s invasion of Ukraine, which sparked widespread concerns that an escalation of that conflict could have seen a rise in hacking and cyber disruption.

Technological resilience in the financial system in general, whether or not malign actors are involved, has become a major concern for regulators and bankers,

At the start of the year the ECB said its tests won’t look at whether a bank can withstand an attack, but at how well it can restore services after a successful breach of cyber defences.

“The exercise will assess how banks respond to and recover from a cyber attack, rather than their ability to prevent it,” the ECB said in a statement.

“Banks will then test their response and recovery measures, including activating emergency procedures and contingency plans and restoring normal operations.”

In a statement yesterday, the ECB said the cyber resilience tests will not affect bank-specific capital requirements, but instead form part of a broader supervisory assessment.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *