The European Supervisory Authorities (ESAs) today published their report on Major ICT incidents.
Some interesting figures:
- A total of 3,383 incidents were reported (an average of 0.18 incidents per financial institution)
- Most incidents were reported by credit and payment institutions (banks)
- 31% of incidents had an impact in multiple countries
- The main causes of the incidents are system failures and external events
- 29% of incidents were caused by third parties (ICT third parties, other financial institutions, and infrastructure providers)
- The majority of incidents were classified as major due to service downtime and impact on customers, financial counterparties, and transactions
- Approximately 10% of incidents were cybersecurity-related. This indicates relatively good cybersecurity. However, supervisors urge financial institutions to keep up with (frontier) AI developments.
- Ransomware incidents are common among insurers, while DDoS and data exfiltration occur more frequently at banks.

The number of reported incidents does not necessarily indicate weaknesses in the sector. In most cases, the reported impact on customers, transactions, or financial counterparties was limited. This demonstrates that financial institutions are well-equipped to identify, manage, and resolve incidents – a crucial aspect of digital resilience.