A new report published Tuesday by the Basel Committee on Banking Supervision examines cyber-resilience practices in the banking industry.
The report aims to help banks and regulators navigate the regulatory environment, and will help identify areas where further policy work is needed by global regulators and standards-setters.
“Cyber risks pose growing, evolving and unique challenges to institutions and supervisors that require dedicated attention and resourcing,” the report says.
While high-level expectations for cyber resilience are similar from country to country, technical specifications and supervisory practices vary. “This diversity of approaches results in a complex and fragmented landscape, but is also a necessary reflection of actual differences in … legal frameworks and degree of digitalisation,” the report says.
Specifically, information sharing by banks and regulators “varies widely” across jurisdictions.
The report also identifies a number of challenges facing the industry, including issues of governance, staffing and testing.
“Cyber resilience is not always clearly articulated across the technical, business and strategic lines, which hampers their effectiveness,” the report says.
In addition, a skills shortage is leading to recruitment challenges, the report finds, and although protection and detection testing are prevalent, response and recovery testing are less common.
“Although some forward-looking indicators of cyber resilience are being picked up through the most widespread supervisory practices, no standard set of metrics has emerged yet. This makes it more difficult for supervisors and banks to articulate and engage on cyber-resilience,” the report says.