Basel Committee Urges Banks to Up Their Cyber Risk Preparedness

With cyber incidents continuing to pose a threat to the financial system, the Basel Committee on Banking Supervision this week called on banks to improve cyber threat resilience. In a newsletter, the committee promoted the widespread adoption of measures to strengthen cybersecurity, following principles released earlier this year on operational resilience and operational risk.

“Since the onset of the COVID-19 pandemic, [cyber security] concerns have heightened,” according to the committee’s newsletter. “Remote working arrangements and increased provision of financial services using digital channels have enlarged banks’ attack surfaces. This means that malicious actors, who have become increasingly sophisticated, have more points of access to banks’ systems. Targeted attacks on banks’ third-party service providers, including third-party software banks commonly use and intragroup entities, are also a stark reminder that cyber security measures should take into account operational dependencies on such providers.”

The committee did not endorse a specific tool or framework, but recommended adopting practices that align with widely accepted industry standards. Doing so, the committee said, should improve “fundamental elements that include effective cyber risk management, diligent cyber hygiene practices, appropriate methods for identifying and protecting against cyber threats, and enhanced response and recovery capabilities.”

Resources cited by the committee as aligning with industry standards include the National Institute of Standards and Technology Cybersecurity Framework, International Organization for Standardization 2700x, and the Center for Internet Security Critical Security Controls.