- MIP NEWS
Revised Eurosystem cyber resilience strategy
18 October 2024
The Eurosystem has revised its cyber resilience strategy to further address evolving cyber threats. The revised strategy now incorporates additional entities in addition to financial market infrastructures (FMIs).
The new entities covered under the revised strategy are those overseen under the Eurosystem oversight framework for electronic payment instruments, schemes and arrangements (PISA). These entities are encouraged to use tools developed by the Eurosystem to periodically assess and continuously enhance their cyber resilience.
A new feature of the revised strategy is the overarching component introduced to facilitate detailed monitoring and continuous improvement. This will help us track progress, implement the strategy in a harmonised manner in all jurisdictions and allow for adjustments to ensure the strategy continues to be effective.
The first Eurosystem cyber resilience strategy for FMIs was adopted in 2017, aiming to provide a consistent approach to addressing cyber risks in FMIs and implement the CPMI-IOSCO Guidance on cyber resilience for financial market infrastructures across the euro area. In a world of increasing interdependencies and evolving cyber threats, the strategy’s overarching objective is to strengthen the cyber resilience of the euro area financial ecosystem by enhancing the cyber readiness of FMIs and payment entities, and to foster sectoral resilience and collaboration.
The revised strategy also ties in with the Digital Operational Resilience Act (DORA), which aims to strengthen IT security and harmonise operational resilience rules in the financial sector. DORA is part of the wider digital finance package introduced by the European Commission to foster innovation and competition in digital finance while addressing the associated risk; it will apply as of January 2025.