Cyber resilience

Cyber resilience refers to ‘the ability of an organisation to continue to carry out its mission by anticipating and adapting to cyber threats and other relevant changes in the environment and by withstanding, containing and rapidly recovering from cyber incidents’. (Source: FSB Cyber Lexicon [Adapted from CERT Glossary (definition of ‘Operational resilience’), CPMI-IOSCO and NIST (definition of ‘Resilience’)].)

The Eurosystem’s approach

Cyber risk is borderless, and the European Central Bank’s (ECB) oversight approach aims to ensure that the financial ecosystem as a whole is resilient against cyber threats, in line with international initiatives in this field.

In March 2017 the Governing Council of the ECB approved the Eurosystem cyber resilience strategy for FMIs, which aims to put into practice the CPMI-IOSCO Guidance on cyber resilience for financial market infrastructures.

In December 2018 the ECB published the Cyber resilience oversight expectations for financial market infrastructures (CROE), which define the Eurosystem’s expectations in terms of cyber resilience, based on existing global guidance (i.e. the CPMI-IOSCO Guidance mentioned above).

In line with the Eurosystem’s approach, the Central Bank of Cyprus (CBC) monitors the readiness of local financial market infrastructures (FMIs) with respect to cyber resilience.