I read the below article because a governance and risk officer of a big bank shared it on LinkedIn, and it was a very interesting read. First and foremost, the message for me as a customer of several banks is that it maintains and extends trust in the system that moves and holds our money. Secondly, of course, because I also see a lot of room for improvement in that area and see it as a great way to reduce risk for customers and the bank itself.
The article highlights findings in cyber security and IT risk, and it addresses some of the things that fall off the table too often.
The regulators react by tightening the screws and carrying out more audits, so this will be an area of focus for the next on-site inspections that will be carried out.
As a networking and security person I would embrace this and see it as an acknowledgement of how important IT and IT security have become for financial institutions as a way to maintain and extend trust, one of the fundamentals of these institutions.
Many of the more severe findings in the area of IT risk concerned IT security management. In particular, inspectors found that measures for detecting and mitigating IT risks were not implemented as quickly and extensively as they should be. In some cases, vulnerability patches – software updates to address security vulnerabilities – were not applied frequently enough. In the light of the increasing importance of IT security management and the high concentration of findings, ECB Banking Supervision will continue to assess the IT and cyber risks facing banks and will launch a number of OSIs on IT risk‑related topics in the coming months. Significant institutions will continue to report any significant cyber incidents to ECB Banking Supervision under the SSM cyber incident reporting process.