Conceptual image of micro circuit Security concept
© Sergey Nivens / 123RF Stock Photo

In a new paper, the Financial Stability Board (FSB) said that the move to remote work in response to the Covid-19 outbreak has intensified the urgency of dealing with cyber threats that could imperil the stability of the global financial system.

The pandemic has highlighted the need for financial firms and regulators to consider changes to their cyber risk management processes, reporting practices, incident response and recovery activities, and the management of critical third-party service providers (such as cloud services), the FSB said.

“One of the key challenges posed by remote working was the restricted ability to collect system hardware in order to conduct forensic analysis of a cyber incident,” the paper said.

Additionally, ensuing communication throughout supply chains, including between companies and outside service providers, represents another critical challenge in the current environment, the FSB suggested.

“A significant cyber incident, if not properly contained, could seriously disrupt the financial system, including critical financial infrastructure, leading to broader financial stability implications,” the FSB said.

Risks to financial stability could arise from incidents that affect systems that are shared among multiple financial institutions, threats that impact third-party providers and from incidents that undermine confidence in the overall financial system or result in capital losses, the paper noted.

“Efficient and effective response to and recovery from a cyber incident is essential to limiting any related financial stability risks,” the FSB said, adding that enhancing these capabilities is a priority for regulators and policymakers.

To that end, the report includes a “toolkit” of practices for financial institutions to deploy to ensure they’re prepared to respond to and recover from cyber threats.

“This toolkit provides a set of effective practices that serve as building blocks for enhancing [cyber incident response and recovery] activities,” the FSB said.