The Financial Stability Board issued its report setting out 16 recommendations to address these issues with a view to promote best practices in cyber incident reporting. Included in the Recommendations to Achieve Greater Convergence in Cyber Incident Reporting, were several recommendations made by World Council including proportionality language to help smaller community based financial institutions and language surrounding feedback loops to assist credit unions in defending themselves against cyber-attacks.
The report draws from the FSB’s body of work on cyber, including engagement with external stakeholders, the report identifies commonalities and details practical issues associated with the collection of cyber incident information from FIs and the onward sharing between financial authorities. These practical issues include:
- operational challenges arising from the process of reporting to multiple authorities;
- setting appropriate and consistent qualitative and quantitative criteria/thresholds for reporting;
- establishing an appropriate culture to report incidents in a timely manner;
- inconsistent definitions and taxonomy related to cyber security;
- establishing a secure mechanism to communicate on cyber incidents; and
- legal or confidentiality constraints in sharing information with authorities across borders and sectors.
A copy of the report can be viewed here.