In a report published on October 19, the G20 Financial Stability Board (FSB) called for the harmonization of national rules and practices in the fight against cyber-attacks, the frequency of which continues to rise.
Cybersecurity: the absence of common rules
The G20 Financial Stability Board has conducted a survey of central banks in over 30 countries. The aim: to find out what practices they adopt in the event of a cyber attack.
While regulations in some countries oblige central banks to inform supervisory authorities when they detect a cyber incident, the rules are never the same. In some countries, for example, the incident must be reported as soon as it is detected, while in others, financial institutions are given a 24 to 48-hour deadline.
When cyber attacks are reported to the authorities, they don't always ask enough questions. According to the Financial Stability Board survey, 80% of them ask for basic information, such as the date and time of the cyber incident, and its consequences.
On the other hand, only 50% of supervisors ask for more specific information, such as the procedures put in place by the central bank, the breach of rules or laws, or the communication of the event externally.
3 areas of work to harmonize government practices in the face of cyber attacks
According to the Financial Stability Board's report, this lack of harmony between the practices of different countries is detrimental to the effectiveness of the fight against cyber risk. The FSB, whose main mission is to define the rules for maintaining the stability of the financial system, has announced its intention to publish a timetable and plan for the adoption of common rules, by the end of 2021.
3 areas for improvement have already been suggested by the Financial Stability Board:
- the adoption of a common vocabulary,
- defining the minimum information to be provided to supervisory authorities,
- defining the type of information that can be transmitted from one state to another.
According to the Center for Strategic and International Studies (CSIS) and anti-virus software company McAfee, global losses due to cyberattacks in 2020 represented more than 1% of global GDP, or $1,000 billion, an increase of 50% in 2 years.