ESMA to put cyber risk as a new Union Strategic Supervisory Priority

ESMA is updating its USSPs to include a focus on cyber risk and digital resilience, in addition to ESG disclosures. This shift reflects the growing importance of addressing cybersecurity challenges in the financial sector. The new priority involves reinforcing firms‘ ICT risk management through monitoring, supervisory actions, and building new capacity. The goal is to adapt to market and technological developments while monitoring potential contagion effects of cyber attacks across markets and firms.
The implementation of this new USSP is scheduled for 2025, coinciding with DORA, providing time for supervisors and firms in EU Member States to prepare for compliance. ESMA and NCAs will engage in preparatory work to shape supervisory activities under this priority.
ESG disclosures will continue to be a focus, aiming to combat greenwashing, enhance investor understanding, and incorporate sustainability requirements into firms‘ advice to investors. ESG disclosures will remain a priority in 2024, addressing key segments of the sustainable finance value chain.
The new USSP on cyber risk and digital resilience replaces the existing USSP on market data quality. Previous efforts have led to improvements in data quality through common methodologies, data sharing frameworks, and supervisory tools. While ensuring data quality remains a duty of supervised entities, the focus is shifting to cyber risk preparedness.