DNB publiceert voor het eerst haar Cyberstrategie

On 21 december 2023, DNB published for the first time its cyber strategy.
DNB discusses its efforts in enhancing cyber resilience in the financial sector in the face of external developments.
The increasing digitization, geopolitical tensions, and outsourcing of digital processes pose complex and dynamic risks, particularly in terms of cyber threats.
The document outlines key cyber risks in 2023, such as ransomware, attacks on third parties, advanced phishing using Artificial Intelligence and insider threat, referring to a malicious insider within an organization who is placed there by criminals..
It emphasizes the importance of addressing these risks collectively and treating cyber risk as a systemic risk.
DNB’s strategy includes monitoring technological developments, geopolitical tensions, and outsourcing. The text highlights the significance of technological advancements in both benefiting and posing risks to the financial sector. It discusses potential threats arising from geopolitical tensions and the challenges posed by outsourcing to third-party service providers.
To enhance cyber resilience, DNB focuses on active monitoring, testing, and collaboration within the financial sector. The Tripartite Crisis Management Operation is coordinated to manage operational disruptions, and various testing programs, such as TIBER tests and cyber crisis exercises, are employed. DNB also engages in knowledge sharing with the sector and other stakeholders, aiming to improve the overall understanding and response to cyber threats.
Additionally, DNB emphasizes the importance of ensuring that financial institutions have their cyber resilience in order and complies with regulations. The Digital Operational Resilience Act (DORA) is mentioned as a regulatory tool to further enhance cyber resilience in the financial sector.
DNB’s own efforts in maintaining cyber resilience adhere to similar standards as those imposed on financial institutions, participating in threat intelligence sharing communities, engageing with security agencies, and actively testing its own cyber resilience through programs like TIBER.
DNB emphasizes the ongoing commitment required for a cyber-resilient financial sector.