FSB drafts guidelines for harmonizing cyber incident reporting

Citing the increased frequency and sophistication of cyber attacks, the Financial Stability Board today released a set of recommendations for standardizing cyber incident reporting among financial institutions and regulators. The report lists 16 recommendations for harmonizing reporting among various international players, based on surveys of FSB members. Acknowledging that a one-size-fits-all approach isn’t always viable, the board said financial institutions and regulators can choose to adopt the recommendations as appropriate, consistent with their legal and regulatory frameworks.

Among the recommendations, the FSB report calls on financial authorities to adopt common reporting formats; select common triggers for incident reporting; calibrate their initial reporting windows; address impediments to cross-border information sharing; and foster mutual understanding of the benefits of reporting. The report also recommends creating a common format for incident reporting exchange, or FIRE, which financial authorities could further develop and eventually use both to collect incident information from financial institutions and to share information.

“It is envisioned that FIRE would be flexible to allow a range of adoption choices and include the most relevant data elements for financial authorities,” according to the report. “The concept of FIRE leverages the analysis of various incident reporting templates, which identified many commonalities in the data that financial authorities collect to meet their reporting objectives.”