Danmarks Nationalbank is working to increase its resilience to cyberattacks, both in the financial sector and in relation to its own critical systems. The cross-sectoral work is done by the FSOR – Financial Sector forum for Operational Resilience – among others, while Danmarks Nationalbank itself is the authority for the TIBER-DK programme and conducts surveys of cyber resilience in the financial sector.
Cyber resilience collaboration
In 2016, Danmarks Nationalbank and the financial sector established a public-private collaboration forum called the Financial Sector forum for Operational Resilience, FSOR. The collabo-ration is voluntary, yet binding. The purpose is to increase operational resilience across the financial sector, including resilience to cyberattacks. The FSOR participants are the key finan-cial institutions, Nordic Financial CERT, industry organisations and authorities, including the Centre for Cyber Security. Danmarks Nationalbank act as chair and secretariat for the collaboration.
Danmarks Nationalbank and the FSOR have conducted a risk analysis identifying the greatest risks to the financial sector. Twice a year, the FSOR discusses the identified risks and whether joint measures could be implemented to minimise the risks. This includes a crisis management plan at sector level, tasked with cross-sector coordination in the event of a systemic crisis.
In addition to its collaboration with the most important players in the Danish financial sector, Danmarks Nationalbank is also working as an authority to increase cyber resilience. Danmarks Nationalbank oversees the safety and efficiency of the systemically important payment and settlement systems and the most important payment solutions.
Survey of cyber resilience in the financial sector
Danmarks Nationalbank conducts questionnaire surveys to examine the cyber resilience of key players in the financial sector. The surveys have been carried out since 2016 and include the large banks and mortgage credit institutions as well as key infrastructure companies in the FSOR.
In the surveys, participants self-evaluate their current level of cyber resilience, and the aggregate responses provide a snapshot of the overall level in the sector. The key messages from the latest survey are outlined below.
Cyber resilience in the Danish financial sector 2020
The survey points to sustained and significant progress compared to the previous surveys, but there is still room for improvement. The requirements are continuously tightened as a result of the development in the threat landscape in the cyber area. For the first time, the survey also covers the cyber resilience of operational members’ suppliers.
Cyberattacks can threaten financial stability
Cyberattacks can have consequences that go beyond the specific system under attack. There is a risk that potential hackers can exploit access to one system to gain access to the next. But the mere fact that one system is taken out of service can affect the operation of other systems, as many systems are interdependent. Accordingly, cyberattacks constitute a systemic risk and can pose a threat to financial stability.
Cyber risk has been described several times in the analysis series ‘Financial stability’, which Danmarks Nationalbank publishes twice a year. You can see excerpts of and download the analyses below.