Press enquiries:
+41 61 280 8477
[email protected]
Ref: 31/2022
The Financial Stability Board (FSB) today published a consultative document on Achieving Greater Convergence in Cyber Incident Reporting. Timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability. The proposals take a comprehensive approach and include:
- Recommendations to address the challenges to achieving greater convergence in cyber incident reporting. Drawing on the experience of financial authorities and engagement with financial institutions, the FSB has set out 16 recommendations to address the practical issues associated with the collection of cyber incident information from financial institutions and the onward sharing between financial authorities.
- Further work on establishing common terminologies related to cyber incidents. A key instrument for achieving convergence in cyber incident reporting is the use of a common language. In particular, a common definition and understanding of what constitutes a ‘cyber incident’ is needed that avoids the over-reporting of incidents that are not meaningful for financial authorities or financial stability.
- Proposal to develop a common format for incident reporting exchange (FIRE). A review of incident reporting templates and stocktake of authorities’ cyber incident reporting regimes indicated a high degree of commonality in the information requirements for cyber incident reports. Building on these commonalities, the FSB proposes the development of a common reporting format that could be further considered among financial institutions and financial authorities.
The FSB is inviting feedback on this consultative document, in particular on the questions it has set out. Responses should be sent to [email protected] by 31 December 2022 with the subject line ‘CIR Convergence’. Responses will be published on the FSB’s website unless respondents expressly request otherwise.
Notes to editors
The FSB published a report on Cyber Incident Reporting: Existing Approaches and Next Steps for Broader Convergence in October 2021. The report found that fragmentation exists across sectors and jurisdictions in the scope of what should be reported for a cyber incident; methodologies to measure severity and impact of an incident; timeframes for reporting cyber incidents; and how cyber incident information is used. This subjects financial institutions that operate across borders or sectors to multiple reporting requirements for one cyber incident. At the same time, financial authorities receive heterogeneous information for a given incident, which could undermine a financial institution’s response and recovery actions. Recognising that information on cyber incidents is crucial for effective actions and promoting financial stability, the G20 asked the FSB to take forward work to achieve greater convergence in cyber incident reporting.
In 2018, the FSB developed a Cyber Lexicon to foster a common understanding of relevant cyber security and cyber resilience terminology across the financial sector, including banking, financial market infrastructures, insurance and capital markets, and with other industry sectors. A common lexicon could foster a common understanding with other industry sectors and facilitate appropriate cooperation to enhance cyber security and cyber resilience.
The FSB coordinates at the international level the work of national financial authorities and international standard-setting bodies and develops and promotes the implementation of effective regulatory, supervisory, and other financial sector policies in the interest of financial stability. It brings together national authorities responsible for financial stability in 24 countries and jurisdictions, international financial institutions, sector-specific international groupings of regulators and supervisors, and committees of central bank experts. The FSB also conducts outreach with approximately 70 other jurisdictions through its six Regional Consultative Groups.
The FSB is chaired by Klaas Knot, President of De Nederlandsche Bank. The FSB Secretariat is located in Basel, Switzerland, and hosted by the Bank for International Settlements.