Cyberattack: authorities urged to communicate better with the public

The European Systemic Risk Board, responsible for monitoring the European Union's financial system, has called on the authorities to communicate better with the public in the event of a cyber attack. The aim is to avoid a loss of confidence in the financial system, by implementing a communication strategy that provides information on cybersecurity issues. To find out more, click here.

Communicating to avoid a loss of confidence in the financial system

When a company suffers a cyber-attack, it often prefers not to inform its customers, so as not to lose their trust. This reaction, however, has damaging consequences for other companies, who are more likely to fall victim in turn to a "rebound" attack, where hackers use the data of the first company to attack a second.

Companies aren't the only ones who want to keep a cyber-attack secret: financial authorities are often tempted to do the same, but the consequences can be even more serious.

According to the European Systemic Risk Board's (ESRB) latest "Mitigating systemic cyber" report of January 2022, by remaining silent in the event of a cyber attack, or communicating only partially, the authorities risk causing households to lose confidence in the financial system, and allowing cyber incidents to grow in scale.

" Early coordination and communication in the event of a cyber incident with the potential to become systemic can help detect such an incident more quickly, maintain confidence in the financial system and limit contagion effects on other financial institutions, thus preventing the incident from becoming systemic," the report reads on page 23.

Cybersecurity: 3 proposals for better public information

To help financial authorities communicate more effectively with the public, the European Systemic Risk Board has put forward 3 proposals.

Firstly, the ESRB calls on international financial authorities to communicate more effectively with each other. They need to determine in advance the common level of information they will provide to the public, and when this information will be disclosed, in order to communicate in a coordinated fashion.

Secondly, the ESRB advises financial authorities to prepare communication elements in advance. Indeed, certain scenarios can be repeated, enabling a communication plan to be drawn up in advance, so as to react as quickly as possible and avoid widespread panic.

Finally, the European Systemic Risk Board calls on the financial authorities not to forget social networks, and to plan a specific communication strategy for this purpose, in order to combat the spread of fake news and anticipate the risk of loss of confidence in the financial system.

These issues are all the more important in view of the fact that cyber risk has increased considerably. According to Anozr way's annual barometer, stolen data traded on the darknet increased by 200% between July and November 2021.

In France, according to the same barometer, the financial sector was the target of 20% of the cyber attacks recorded in 2021, making it the sector most at risk from cyber risk. Commerce came second, with 17% of attacks, followed by the scientific and technical sector, which was the target of 16% of attacks.