The FSB published the final report of its Recommendations to Achieve Greater Convergence in Cyber Incident Reporting as well as its Format for Incident Reporting Exchange (FIRE), and updated its Cyber Lexicon.
Cyber incidents are becoming more frequent and more sophisticated, while the cyber threat landscape is expanding rapidly because of digital transformation, geopolitical tensions and growing dependence on third-party service providers. The interconnectedness of the global financial system means that a cyber incident at one financial institution, or at one of its third-party service providers, could have spill-over effects across borders and sectors. The G20 therefore asked the Financial Stability Board (FSB) to deliver a report on achieving greater convergence in cyber incident reporting (CIR), with the aim of improving incident response and supporting financial stability.
The FSB conducted work to promote greater convergence in CIR in three ways:
– Firstly, it set out recommendations to address the issues identified as impediments to achieving greater harmonization in incident reporting.
– Secondly, it enhanced the Cyber Lexicon to include additional terms related to CIR as a common language is necessary for increased convergence.
– Thirdly, it identified the common types of information that financial institutions (FIs) submit to authorities for CIR purposes, which led to a concept for a common Format for Incident Reporting Exchange (FIRE) that authorities could use to collect incident information from FIs and to exchange it among themselves. FIRE is intended to be flexible enough to allow a range of adoption choices while including the data elements most relevant to financial authorities.
The Recommendations to Achieve Greater Convergence in Cyber Incident Reporting draw on the FSB’s body of work on cyber, including engagement with external stakeholders. Financial authorities and FIs can adopt the recommendations as appropriate and relevant, consistent with their own legal and regulatory frameworks. Recognizing that a one-size-fits-all approach is neither feasible nor desirable, the following 16 recommendations aim to promote convergence among CIR frameworks:
1. Establish and maintain objectives for CIR.
2. Explore greater convergence of CIR frameworks.
3. Adopt common data requirements and reporting formats.
4. Implement phased and incremental reporting requirements.
5. Select appropriate incident reporting triggers.
6. Calibrate initial reporting windows.
7. Provide sufficient details to minimize interpretation risk.
8. Promote timely reporting under materiality-based triggers.
9. Review the effectiveness of CIR and cyber incident response and recovery (CIRR) processes.
10. Conduct ad-hoc data collection.
11. Address impediments to cross-border information sharing.
12. Foster mutual understanding of benefits of reporting.
13. Encourage the use of consistent and standardized language.
14. Share information among financial authorities.
15. Promote information-sharing arrangements between FIs and authorities.
16. Establish a mechanism for regular exchange among authorities.
Furthermore, the FSB developed the Cyber Lexicon in 2018 to support international organizations in addressing cyber security and cyber resilience in the financial sector. The lexicon aims to promote a shared understanding of relevant terminology across sectors, enhance the monitoring of cyber risks to financial stability, facilitate information sharing, and support the development of guidance on cyber security and resilience. It has now been updated to reflect changes in the cyber landscape and in information technology. The criteria for including and excluding terms are unchanged: purely technical terms, and terms used beyond cyber security and resilience in the financial sector, remain excluded.
Finally, in the course of its work on convergence in CIR, the FSB found a significant degree of overlap in the types of information that FIs must report under existing CIR frameworks. Recognizing that these similarities could be built on to increase convergence, the FSB proposed a concept for a standard format for exchanging incident reporting information, the Format for Incident Reporting Exchange (FIRE), through which incident information would be collected from FIs and shared between authorities. The FIRE report presents the findings of the public consultation on the FIRE concept, sets out the potential benefits, risks and costs of the initiative, and describes the FSB’s plan for advancing the development of FIRE.