Global Standards Body Pushes for Harmonised Cybersecurity Reporting

Cybersecurity incident reporting is too fragmented across jurisdictions and sectors, with the scope of what is reported varying widely, the global financial stability standards body has warned. 

The Basel-Switzerland-based Financial Stability Board (FSB) has warned that the variation in methodologies used to measure the severity and impact of an incident, the timeframes used to report cyber incidents, and how cyber incident information is used could potentially undermine the ability of financial institutions to respond and recover from cyber attacks.

The Board, which works closely with the G20 in acting on global priorities, and coordinates global standard-setting  and promotes effective regulatory supervision, has issued a number of recommendations for policy implementation globally. It plans to develop a detailed plan by the end of 2021 to take its proposals forward, with its warnings and recommendations likely to be eventually implemented by global regulators in due course. 

The Board believes greater harmonisation of regulatory reporting of cyber incidents would promote financial stability by building a common 

understanding, and the monitoring, of cyber incidents that affect financial institutions, support effective supervision of cyber risks at financial institutions, and facilitate the coordination and sharing of information among authorities across sectors and jurisdictions. 

Specifically it has recommended:

* the development of best practices including a minimum set of information related to cyber incidents that financial authorities need to promote financial stability;

* the identification of common types of information to be shared to promote understanding and legal and operational impediments to information sharing;

* and the creation of common terminologies for cyber incident reporting.