|
The
ECB ran a survey among the banks it supervises this year and
carried out 22 inspections since 2020 to test how prepared banks
are to deal with risks including hacks, ageing systems and
contractors falling short of what they promised.
This last area in particular cost banks 148 million euros
($160.59 million) in 2022, a 360% increase from the year before,
as a result of the "unavailability or poor quality of outsourced
services".
"These losses were related to a small number of high-volume
events and further highlight the need to properly manage risks
arising from reliance on service providers," the ECB said in a
newsletter.
While the ECB cautioned these losses were "concentrated within a
few significant institutions and therefore not indicating a
sectoral trend", it also found that banks' "outsourcing
arrangements often failed to sufficiently address IT security
requirements".
Banks are making ever greater use of outsourcing as they switch
to cloud-based services from storing information on their own
servers.
Their cloud expenses surged by 56% in 2022 to account for 3.1%
of all money spent by banks on IT, the ECB said.
More broadly, the ECB found fundamental shortcomings that were
"more severe and widespread than expected" in how banks tackle
cybersecurity.
It said many lenders even failed to identify all potential risks
or did not have adequate systems in place to detect and respond
to incidents.
"The ECB expects all banks under its direct supervision to take
immediate and concrete steps to make sure that their IT and
cybersecurity risk management is aligned with supervisory
expectations," the ECB said.
It added banks that were targeted by inspections have already
received specific recommendations.
($1 = 0.9216 euros)
(Reporting by Francesco Canepa, Editing by Angus MacSwan)
[© 2023 Thomson Reuters. All rights
reserved.] Copyright 2022 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
