(Bloomberg) -- Several European banks displayed material weaknesses in their ability to respond to a simulated hacker attack in a landmark test by their top regulator.
The European Central Bank is expected to publish findings of its first such exam later this week. Preliminary reports from the supervisor indicate lenders mostly experienced less severe issues, according to KPMG Germany, which advised more than a dozen banks on the probe.
Some, however, faced more significant problems such as taking too long to get systems running again or communicating with regard to the attack, said Peter Hertlein, director of cybersecurity & IT compliance in financial services at KPMG Germany.
An ECB spokesperson declined to comment.
The ECB, which announced the test last year as tensions with Russia pushed the issue further up the list of priorities for regulators, has billed it as an exercise to improve banks’ risk management rather than an exam that will directly impact their capital requirements. Since then, several attacks involving service providers and the fallout from last week’s massive global IT failure have underscored the vulnerabilities of the global financial system.
“At some lenders it was often not clear which responsibilities the bank bore and which the service provider” in case of an attack, Hertlein said in an interview. He declined to identify any of the lenders his firm advised.
The test involved 109 lenders in total, with some facing closer scrutiny than others based on their importance. During the examination, which started in January, the banks had to overcome a simulated successful cyber attack and report their measures to the regulator.
The ECB isn’t expected to publish results for individual lenders. But the regulator will set deadlines for banks to take steps to eliminate issues that have become apparent, according to Hertlein. That’s usually dealt with in regular assessments of the risks that individual banks face.
That will mean, “banks have to invest,” Hertlein said. Further tests like this could follow, not necessarily carried out by the ECB, but possibly by national authorities, he added.
©2024 Bloomberg L.P.
