In a proactive move aimed at fortifying the resilience of financial institutions against evolving cyber threats, the European Central Bank (ECB) has unveiled plans for a comprehensive stress test involving 109 banks under its direct supervision.

This strategic exercise, scheduled for 2024, marks the first stress test for Eurozone banks, and will also involve two Cypriot banks, the Bank of Cyprus, and Hellenic Bank.

Furthermore, the ECB’s approach in this stress test deviates from the conventional emphasis on preventing cyber-attacks. Instead, the focus will be on evaluating how these banks handle and recover from a successful cyber-attack.

The critical scenario envisions a disruptive cyber-attack impacting the daily operations of the banks. The exercise will thoroughly examine the measures each bank has in place to counter such an attack and swiftly restore normal operations, activating contingency procedures and plans.

Moreover, within this comprehensive examination, a subset of 28 banks from across the Eurozone will undergo an enhanced assessment.

This more rigorous test will delve deeper into the risks of cyber-attacks spilling over into other sectors, providing additional insights into the specific strategies employed by these banks in dealing with cyber threats, including the rising menace of ransomware.

This carefully selected sample ensures a comprehensive representation of the Euro area banking system, facilitating effective coordination with other supervisory activities.

Additionally, it’s crucial to note that this qualitative exercise will not impact capital through the Pillar 2 guidelines, which offer specific recommendations tailored to each bank regarding additional capital levels beyond binding requirements.

Nevertheless, the data gathered will play a pivotal role in the broader supervisory review scheduled for 2024.

Furthermore, the primary outcomes of the stress test are anticipated to be disclosed in the summer of 2024, providing valuable insights into the Euro area banking system’s cyber resilience and guiding future regulatory measures to safeguard financial institutions from emerging cyber threats, including ransomware.

In a parallel development reported by Agence France-Presse (AFP), the ECB’s stress test is a response to the increasing risk of cyber-attacks, particularly following the pandemic and Russia’s invasion of Ukraine.

According to AFP, the cyber stress tests were announced last year as the risk of attempted hacking was thought to have increased following the pandemic and Russia’s invasion of Ukraine.

“The number of cyber-attacks is higher than it was before the pandemic,” Anneli Tuominen, a member of the Supervisory Board of the ECB, told the German newspaper Boersen Zeitung.

She also said there has been an increase in ransomware attacks, where banks are asked to pay money to regain access to their data.

“Eurozone banks have proved resilient so far,” Tuominen said while warning that “a successful attack could happen at any time.”

Finally, Tuominen highlighted that the biggest increase was seen in “denial-of-service attacks, in which perpetrators disrupt banking services by flooding and clogging bank servers with fake requests.”