EU to create pan-European cyber incident coordination framework

The European Systemic Risk Board (ESRB) proposed a new systemic cyber incident coordination framework that would allow relevant EU authorities to coordinate better when responding to major cross-border cyber incidents impacting the Union’s financial sector.

ESRB is an independent EU body established in 2010 that oversees the European Union’s financial system to prevent and mitigate systemic risk.

“The three European Supervisory Authorities (EBA, EIOPA and ESMA – ESAs) published today a statement welcoming the European Systemic Risk Board’s (ESRB) Recommendation on systemic cyber risk, which calls on the ESAs to prepare for the gradual development of a Pan-European systemic cyber incident coordination framework (EU-SCICF),” a press release published Thursday reads.

“This will support an effective and coordinated response at EU-level in the event of a major cross-border cyber incident that could have a systemic impact on the Union’s financial sector.”

The ESRB also recommends the European Supervisory Authorities (in coordination with the ESRB and the European Central Bank) look into any possible operational and legal obstacles that could impede the development of the pan-European coordination framework.

The ESRB’s recommendation comes amid a heightened risk to the EU’s financial stability from a growing number of continuously evolving cyber threats.

“The ESRB highlights the need for authorities to coordinate and communicate swiftly in the event of a major cyber incident, to rapidly assess its impact and to support confidence in the financial sector,” the ESRB said.

Cyberattacks targeting EU orgs’ networks

This initiative comes after multiple incidents resulting in networks belonging to EU organizations being breached last year.

For instance, in January, the European Medicines Agency (EMA) revealed that unknown attackers stole Pfizer/BioNTech COVID-19 vaccine data in December and leaked it online.

The European Banking Authority (EBA), which oversees the integrity and proper functioning of the EU banking sector, was forced to take down all email systems in March 2021 after its Microsoft Exchange servers were hacked during a campaign targeting organizations worldwide.

The same month, the European Commission and several other EU organizations were also hit by a cyberattack that impacted multiple EU institutions, bodies, and agencies’ IT infrastructure.

In July, the US and its allies, including the European Union, officially blamed China for last year’s widespread Microsoft Exchange hacking campaign.