Financial Stability Board publishes cyber incident reporting recommendations

As cyber threats continue to become more sophisticated, the Financial Stability Board today issued a report on how jurisdictions can work to achieve “greater convergence” in cyber incident reporting. The report includes three components: recommendations to address the issues identified as impediments to achieving greater harmonization in cyber incident reporting, an updated cyber lexicon to encourage the use of common terminology and a common format for incident reporting exchange.

The report—which was issued at the request of the G-20—is based on input from stakeholders including ABA. The report embraces many of the positions that the ABA and other U.S. financial trade groups advocated for in comment letters to U.S. regulatory agencies and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, including clear objectives for incident reporting, greater convergence of cyber incident reporting frameworks, common data requirements and reporting formats, appropriate incident reporting triggers, adoption of common data requirements and the protection of sensitive information.