The EU’s two supervisors for financial markets, insurers and pension funds, following in the ECB’s footsteps, are now “closely monitoring” cyber risks in Europe’s asset management industry amid concerns that rising tensions over Ukraine may spark Russian-backed cyber attacks on Europe’s economic infrastructure.
The European Central Bank (ECB), as lead supervisor for Europe’s banking sector, is already pushing banks to increase their defences.
“The potential worsening of the global tensions could indeed trigger more attacks,” said ECB Supervisory Chair Andrea Enria at a press conference on Thursday, noting that cyber attacks on Europe’s banking sector have continued to increase during 2020 and 2021.
Spokespeople for both the European Securities and Markets Authority (Esma) and the European Insurance and Occupational Pensions Authority (Eiopa) confirmed to InvestmentOfficer that they share the ECB’s concerns over increasing cyber risk.
New ESMA report out on Tuesday
“We are closely monitoring the developments in cooperation with the competent authorities,” said a spokesperson for Esma. He said Esma will address the risk more specifically in the next Trends, Risk and Vulnerabilities report which is due to be published on Tuesday.
“EIOPA is closely monitoring the developments in close cooperation with the competent authorities,” said a spokesperson for Eiopa, without elaborating.
Simulations have demonstrated that a successful cyber attack on Europe’s financial system risks bringing economic life to a standstill. Under a worst-case scenario, banks would no longer be able to process payments, ATMs would no longer dispense cash and overnight bank funding with the ECB would be disrupted, threatening financial stability.
US believes Russia considers ‘escalating its destabilising actions’
The US Cybersecurity and Information Security Agency, or Cisa, said in a notice on Sunday that it believes the Russian government may consider “escalating its destabilising actions in ways that may impact others outside of Ukraine.”
According to Cisa, the Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe.
“The Russian government understands that disabling or destroying critical infrastructure, including power and communications, can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” the Cisa notice said.
Paradigm shift to ‘proactive’
Cisa said it has been working closely with its critical infrastructure partners over the past several months to ensure awareness of potential threats, as part of a paradigm shift “from being reactive to being proactive”.
The US agency recommends that “all organisations, regardless of size, adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
ENISA reports ‘substantial increase in threats’
Enisa, the EU Agency for Cybersecurity, on Monday reported “a substantial increase of cybersecurity threats for both private and public organisations across the EU”.
It said that ransomware has remained a prime threat; that cybercriminals are increasingly motivated by the monetisation of their activities; and that attacks against critical infrastructure “are rising exponentially and other economic sectors as well as society at large can be exposed”.
Enisa’s 2021 Threat Landscape report includes dozens of references to the Russian government and cyber attacks involving Russia’s foreign intelligence agency GRU.
ECB elevates priority
At the ECB banking supervision press conference on Thursday, Enria said the central bank supervisor this year will step up its coordinating work on cyber resilience because of the increasing geopolitical tensions.
“We had an extensive discussion in our Supervisory Board recently and decided to raise the level of priority that we are attributing to this issue,” Enria said.
Cyber hygiene
The ECB has asked banks “to strengthen their cyber hygiene measures and look at a potential increase in attacks and in the danger of these attacks going forward,” said Enria.
The ECB in recent years has adopted a lead role in monitoring and coordinating the defence against cyber attacks on European banks. This includes the Euro Cyber Resilience Board for pan-European Financial Infrastructures, known as ECRB, which seeks to enhance the cyber resilience of financial market infrastructures.
In 2020 the ECRB initiated the Cyber Information and Intelligence Sharing Initiative, or Ciisi-EU, which seeks to protect the financial system by preventing, detecting and responding to cyberattacks; to facilitate the sharing of information and good practices between financial infrastructures; and to raise awareness of cybersecurity threats.