Banks to be forced to reveal all cyber security breaches to the European Central Bank
All banks regulated by the European Central Bank (ECB) will be forced to reveal all major cyber security breaches, according to one of the supervisor’s bosses.
Starting this summer, banks directly supervised by the ECB will have to “report all significant cyber incidents”, said Sabine Lautenschlaeger, a member of the ECB’s executive board.
In a speech in Frankfurt, she said: “This will help us to assess more objectively how many incidents there are and how cyber threats evolve. It will also help us to identify vulnerabilities and common pitfalls.”
The operations in the Eurozone of big British banks will fall under the scope of the new requirements, including Royal Bank of Scotland, Barclays and HSBC.
The ECB will also continue to perform regular “thematic reviews” on cyber security and outsourcing arrangements, a common weak link exploited in big cyber attacks.
Attacks on information technology have risen rapidly up the agenda for banking supervisors and bank bosses alike, although just under half of banks listed cyber security as a top-three concern, according to a January report by EY and the Institute of International Finance.
However, the rapid spread of the WannaCry virus, which disabled institutions around the world including many National Health Service computers in the UK, has increased the prominence of cyber security among executives still further.
The Russian central bank was one of the other institutions hit by that attack, while a hack of the Bangladeshi central bank last year resulted in the theft of $80m (£63m) via the Swift interbank payments system.
That led to urgent upgrades of the payment system, which is one of the world’s key financial infrastructures, to combat fraud.