EU: ENISA releases report on EU cybersecurity initiatives in the financial sector
The European Union Agency for Cybersecurity (ENISA) issues a report shedding light on European policy initiatives in the finance sector.
The finance sector is subject to both EU and national legislations. This sector, which stands as a crucial backbone of the European economy, is extremely dependent on ICT infrastructures, providers, and their supply chain.
The cybersecurity provisions dedicated to this sector are included in a variety of EU legislation, standards, and guidelines. Stakeholders such as EU institutions, bodies, and agencies, as well as other public and private associations run several initiatives addressing the cybersecurity requirements for the secure operation of financial entities across the Union.
The report – EU Cybersecurity Initiatives in the Finance Sector – published today guides the reader towards European cybersecurity initiatives dedicated to the finance sector. Its purpose is to map today’s reality of a very complex cybersecurity landscape in the EU finance sector.
The need for a strengthened cooperation between the key actors of the finance sector at the European level has become urgent now, as the sector faces larger-scale cyber challenges of a more harmful nature.
The information presented in this document seeks to add more clarity and improve the cooperation between the different groups involved in these initiatives. In presenting to what extent the initiatives complement or overlap with one another, it provides the possibility of identifying potential gaps and existing synergies. It also helps to draw attention to existing initiatives and their results (guidelines, standards, legislation, etc.).
The European cyber initiatives in the finance sector are grouped according to topics defined in the Cybersecurity Act, namely:
- Development and implementation of policy;
- Information sharing and capacity building;
- Cyber crisis management;
- Awareness-raising and training;
- Standardisation and certification;
- Research and innovation.
The list is obviously not exhaustive and is meant to evolve following the developments in the sector.
With the Cybersecurity Act (CSA), signed in June 2019, the Agency has become the key instrument needed to address the EU’s ambition of significantly reinforcing cybersecurity across Europe. The Agency continues its support to the Union decision-making institutions in relation to the announced review of the NIS Directive, as well as the proposed legislation, the Digital Operational Resilience Act (DORA).