Banks must ensure that IT budgets are protected to defend against a growing cyber threat, the European Union has warned.
According to a report from the Joint Committee of the European Supervisory Authorities, released on Wednesday, financial institutions experienced an increase in cyber incidents during 2013, with criminals seeking to access customer data or disrupt services, such as through distributed denial of service (DDoS) attacks.
The systemic threat to the industry as a whole has also been magnified by increasingly interconnected IT systems between banks, according to the committee, which includes the European Banking Agency, European Securities and Markets Agency, and the European Insurance and Occupational Pensions Authority.
To adequately respond to this growing threat, banks must ensure that IT systems and related internal controls are safeguarded against budget cuts, the committee said.
However, the report also said that holding capital should not be used as a substitute for “sound management of operational risk”, such as in-depth IT inspections and the development of business continuity plans.
Attention must also be paid to the secure use of outsourced or cloud services, while banks must be wary of rushing the development of mobile apps to get to market quickly, and ensure sufficient testing time.
The committee suggests that banks and policymakers cooperate to address cyber risks, and that they consider market-wide exercises to improve coordination in the face of real-life attacks.
Earlier this year the findings of a staged attack on the UK financial sector were released. The second Waking Shark test involved a four-hour exercise which sought to replicate the effects of a state-sponsored cyber attack on banks. The report highlighted a need for better communication between banks and authorities during an attack.