Cyber-resilience: range of practices report issued by the Basel Committee
The Basel Committee on Banking Supervision today published the report Cyber-resilience: range of practices. It identifies, describes and compares the range of observed bank, regulatory and supervisory cyber-resilience practices across jurisdictions.
Based on analysis of authorities' responses to previous international surveys and on exchanges between international experts, the report gains insight into the effective practices and expectations in place. It also benefited from industry participants' input.
The Basel Committee classifies the expectations and practices into four broad dimensions of cyber-resilience:
- Governance and culture
- Risk measurement and assessment of preparedness (both in preventing and recovering/learning)
- Communication and information-sharing
- Interconnections with third parties
The current challenges and initiatives to enhance cyber-resilience are summarised in 10 key findings and illustrated by case studies which focus on concrete developments in the jurisdictions covered.
By describing the diversity of approaches thematically, the report will help banks and supervisors navigate the regulatory environment and will serve as useful input for identifying areas where further policy work by the Committee may be warranted. Going forward, the Committee will integrate the cyber dimension into its broader operational resilience work.