ECB Cracks Down On Breach Reporting For EU Banks

One of the biggest new rules of the incoming Global Data Protection Regulations (GDPR) is the new breach notification requirements, where all organisations must report any form of data breach to authorities within 72 hours.

Now, banks in the European Union that are directly regulated by the European Central Bank (ECB) are set to face similar rules.

Starting from this summer, banks under the rule of the ECB will have to “report all significant cyber incidents” in an effort to crack down on cyber attacks across the industry.

Cyber reporting

ECB executive board member Sabine Lautenschlaeger said the new rules will “help us to assess more objectively how many incidents there are and how cyber threats evolve. It will also help us to identify vulnerabilities and common pitfalls”.

Regular “thematic reviews” on cyber security and outsourcing agreements will also be carried out by the ECB, the latter of which is known to be a weak link in the security chain that is often exploited by cyber criminals.

British banks that will be affected by the new rules include the likes of Barclays, HSBC and Royal Bank of Scotland (RBS).

A recent report revealed the costs associated with banking cyber attacks. Recovering from a malware attack was found to cost an average of $825,000 (£645,000) to resolve, while incidents involving a bank’s online banking services costs an average of $1,754,000 (£1,371,000).

And the threat landscape is only getting more intense, with financial data continuing to be directly targeted by cyber criminals.

Probably the most high-profile was last year’s attack on the central bank of Bangladesh which saw hackers make away with $81 million (£56m) and was shortly followed by another attack on a bank in the Philippines. 

The recent rise in attacks has even resulted in banks hoarding Bitcoins in order to give them a quick way of dealing with online extortion attempts.

Are you a security pro? Try our quiz!