THE EU EXPERIENCE ON DEVELOPING AND IMPLEMENTING A NATIONAL CYBER RESILIENCE STRATEGY FOR THE FINANCIAL SECTOR
Abstract
Given the evolving landscape of technological advancements and the proliferation of sophisticated criminal activities, fortifying the cyber resilience of the financial sector stands as a paramount obligation for regulatory bodies. In recent years, numerous international, European, and national regulatory frameworks, as well as industry standards, have emerged to address the domains of information security and cyber protection. Specialized European organizations and the national governments of European countries have made significant strides in developing effective legislation to combat cybercrime, conducting informational and educational campaigns for personal and corporate cyber protection, and seeking mechanisms to bolster the cyber resilience of economic entities. Considering this, the article aims to conduct a comparative analysis of the European and Ukrainian approaches to formulating and executing national strategies focused on enhancing the cyber resilience of the financial system. The article delves into the analysis of cyber incidents and data breaches within the financial sector. It performs a comparative assessment of the primary achievements in ensuring the cyber stability of the financial system across European Union countries and Ukraine. This evaluation encompasses key components: the foundational principles of cyber security strategy, defenses against cyber threats, responses to cyber incidents, and the evolution of cyber security systems. Recognizing the progress achieved in the development of national cyber security systems, the authors ascertain that the response procedures for cyber incidents, individual elements within the national cyber security framework, and the regulatory requirements for the cyber security of financial institutions necessitate further enhancement. These enhancements should align with the evolving cyber landscape, ensuring adaptability and robustness in the face of emerging threats and technological advancements. 
This involves continuous updates to defensive measures against cyber threats and the augmentation of response protocols to effectively counter evolving attack methodologies.