EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Cybersecurity in Finance: Getting the policy mix right!

Sylvain Bouyon and Simon Krause

ECRI Papers from Centre for European Policy Studies

Abstract: In the midst of several large cyberattacks in 2017, the European Commission adopted its multi-sector cybersecurity package in September of that same year. Whereas this initiative can be expected to contribute to strengthening the cyber-resilience and response of EU financial firms, several policy issues and unanswered questions remain. In order to analyse the issues that are considered to be relevant to financial fields (retail banking, corporate banking, capital markets, financial infrastructure and insurance), CEPS-ECRI organised a Task Force between September 2017 and May 2018 with a group of experts from the financial industry, tech industry, national supervisors and European institutions, as well from a consumer association and a law firm. In this Final Report, the Task Force members identify the following nine policy issues that need to be further addressed in order to bolster the financial industry�s cyber-resilience against current and future threats. Main policy recommendations 1. Convergence in the taxonomies of cyber-incidents is needed. 2. The framework for incident reporting needs to be significantly improved to fully contribute to the cyber-resilience of financial firms. 3. Authorities should assess how and to what extent the data held by the centralised hub should be shared with supervisors, firms and clients. 4. Ambitious policies are needed to develop consistent, reliable and exploitable statistics on cyber-trends. 5. Best practices for cyber-hygiene should be continuously enhanced by regulators and supervisors. 6. The European Cybersecurity Certification Scheme needs to be strengthened to contribute better to cybersecurity, cyber-risk management and capability. 7. In order to improve the processes of attribution and extradition, the reinforcement of cross-border cooperation and legal convergence remains a priority, both within the EU and more widely. 8. Best practices in remedies in case of cyberattacks need to be further encouraged. 9. Policy-makers should further assess the pros, cons and feasibility of creating an emergency fund in case of large cyberattacks.

Pages: 52 pages
Date: 2018-06
New Economics Papers: this item is included in nep-law
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.ceps.eu/system/files/TFRCybersecurityFinance.pdf (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eps:ecriwp:13703

Access Statistics for this paper

More papers in ECRI Papers from Centre for European Policy Studies Contact information at EDIRC.
Bibliographic data for series maintained by Margarita Minkova ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-30
Handle: RePEc:eps:ecriwp:13703