In order to ensure that financial institutions are able to quickly and effectively report cyber incidents without at the same time sacrificing a proper incident management and recovery process, The European Banking Federation (EBF) published its proposals on cyber incident reporting.
In particular EBF makes the following proposals for supervisors and regulators:
- Establish a central reporting and coordination hub in each Member State;
- Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;
- Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;
- Further involve national CERTs in information sharing;
- Introduce a regular bi-directional information flow between regulators/ supervisors and the industry.
Full report: EBF position on Cyber incident reporting