Opinion

Europe’s banking union must be cyberproofed

The EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks

By: Date: January 30, 2020 Topic: Banking and capital markets

This opinion piece was originally published in Corriere della Sera, Nikkei Veritas and Politico.

Corriere della Sera logo

Politico logo

When European leaders, back in 2012, embarked on an ambitious plan to create a truly pan-continental financial system, they overlooked one important detail: how to protect it from cyberattacks.

Banks have remained closely tied to national governments, including in cases of financial stress, as the so-called banking union is only half-finished. And because the European Union’s cybersecurity authorities are national, banks are also in tight lockstep with their country’s security authorities.

With much of the debate focused on how to facilitate better cross-border banking, the security vulnerabilities emanating from an integrated financial system are hardly discussed. Some policymakers even worry that labeling the financial system as critical infrastructure would stall the banking union agenda.

Ignoring the cyber risks involved would be madness.

Imagine a social media attack that leads to a bank run, as occurred in Bulgaria in 2014, or a large-scale electricity blackout caused by cyberattacks, as happened with the December 2015 Kyiv power outage. We might even see a full-blown attack on a country bigger than Estonia, which was targeted in 2007, or a more extreme case where the payment system goes down for a day.

Ignoring the cyber risks involved would be madness.

Any of these would disrupt the daily lives of millions of people and countless businesses, which rely on continuous access to financial services.

Of course, the prime responsibility for providing those services lies with the financial institutions themselves. In fact, all major financial institutions are investing substantially in cybersecurity. And for good reason: Surveys indicate that the number of cyberattacks are increasing.

But under the current set up, the EU’s financial system is unprepared to respond to such an attack.

Currently, when major attacks happen, the banks’ first port of call is to inform their national authorities, which do not readily exchange information with their counterparts in other countries. The European banking supervisor, the European Central Bank, has to interact with various national security agencies when it comes to cyber occurrences that fall under its remit. And the EU has never conducted a cybersecurity preparedness exercise for the bloc’s financial system — much in contrast with the G7, which undertook such an exercise under the leadership of the French central bank.

The financial system’s vulnerabilities would be exacerbated in a truly pan-European banking union.

Take, for example, an attack on a bank that provides financial services in several countries. What incentives would the national security agency of the country where the bank is headquartered have to address cyber problems in third countries?

In the eurozone, the lack of security cooperation would also harm the provision of financial services, because a cyberattack that undermines trust in payments would immediately be a concern for all euro area countries. Just as money laundering and financial crimes are more than an embarrassment for the ECB, cyber vulnerabilities would threaten the entire common currency area.

At the very least, the EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks — an important growth segment in the insurance industry and an important contributor to reducing and assessing risks.

But if the EU wants to truly complete its banking union, it will have to go even further and create a much more tightly integrated cybersecurity infrastructure. The EU’s agency for cybersecurity, ENISA, is small and mostly provides support to national authorities. It could not provide for the cyber safety of a highly integrated European financial system.

European Commission President Ursula von der Leyen, who kickstarted Germany’s cybersecurity infrastructure as the country’s defense minister, should now invest political capital in creating a fully operational cybersecurity authority for the EU. Having one authority would be cheaper than having many national ones, and it would also be more effective, for example when it comes to attracting talent.

It’s time for Europe’s policymakers to send a clear signal: If they integrate further financially, they have to accept much greater levels of security cooperation.

The banking union emerged from an existential financial threat. But unless the EU coordinates better on cybersecurity, it risks becoming a threat itself.


Republishing and referencing

Bruegel considers itself a public good and takes no institutional standpoint.

Due to copyright agreements we ask that you kindly email request to republish opinions that have appeared in print to [email protected].

Read article
 

Blog Post

European governance

Including home-ownership costs in the inflation indicator is not just a technical issue

The European Central Bank is right to propose inclusion of owner-occupied housing services in the inflation indicator. But the ECB’s preferred method would involve an asset price in the consumer inflation indicator.

By: Zsolt Darvas and Catarina Martins Topic: European governance, Macroeconomic policy Date: November 18, 2021
Read article Download PDF More by this author
 

Parliamentary Testimony

European governanceEuropean Parliament

The New Euro Area Inflation Indicator and Target: The Right Reset?

Testimony to the Monetary Dialogue Preparatory Meeting of the European Parliament's Committee on Economic and Monetary Affairs (ECON).

By: Zsolt Darvas Topic: European governance, European Parliament, Macroeconomic policy Date: November 9, 2021
Read article
 

External Publication

European governanceEuropean Parliament

The new euro area inflation indicator and target: the right reset?

In-depth analysis on the European Central Bank's revised inflation target prepared for the European Parliament's Committee on Economic and Monetary Affairs (ECON).

By: Zsolt Darvas and Catarina Martins Topic: European governance, European Parliament, Macroeconomic policy Date: November 4, 2021
Read about event More on this topic
 

Past Event

Past Event

European monetary policy: lessons from the past two decades

This event will feature the presentation of “Monetary Policy in Times of Crisis – A Tale of Two Decades of the European Central Bank."

Speakers: Petra Geraats, Wolfgang Lemke, Francesco Papadia and Massimo Rostagno Topic: Macroeconomic policy Date: November 4, 2021
Read article
 

Blog Post

European governance

Is the risk of stagflation real?

Most economic forecasts predict a return, in the medium-term, to pre-pandemic growth and inflation. Nevertheless, the European Central Bank and fiscal authorities need to be vigilant for signs of the contrary.

By: Monika Grzegorczyk, Francesco Papadia and Pauline Weil Topic: European governance, Macroeconomic policy Date: November 2, 2021
Read article More by this author
 

Opinion

European governance

Is the ECB right to take on climate change?

The real issue here is not that the ECB takes a very sizeable risk by pursuing climate objectives but rather, that it cannot afford not to. And by doing so, it helps establish just how urgent climate change is.

By: Maria Demertzis Topic: European governance, Green economy, Macroeconomic policy Date: November 2, 2021
Read article More on this topic
 

Blog Post

How have the European Central Bank’s negative rates been passed on?

Negative rate cuts are not that different from ‘standard’ rate cuts. Like them, they reduce banks’ margins, but this effect does not appear to be amplified below 0%.

By: Grégory Claeys and Lionel Guetta-Jeanrenaud Topic: Macroeconomic policy Date: July 7, 2021
Read article More on this topic More by this author
 

Opinion

What to expect from the ECB’s monetary policy strategy review?

Emphasis will be placed on greening monetary policy and clarifying the ECB's price stability objective, but is this enough?

By: Maria Demertzis Topic: Macroeconomic policy Date: June 23, 2021
Read article More on this topic More by this author
 

Blog Post

Inflation!? Germany, the euro area and the European Central Bank

There is concern in Germany about rising prices, but expectations and wage data show no sign of excess pressures; German inflation should exceed 2% to support euro-area rebalancing but is unlikely to do so on sustained basis.

By: Guntram B. Wolff Topic: Macroeconomic policy Date: June 9, 2021
Read article Download PDF More by this author
 

External Publication

European Parliament

What Are the Effects of the ECB’s Negative Interest Rate Policy?

This paper explores the potential effects (and side effects) of negative rates in theory and examines the evidence to determine what these effects have been in practice in the euro area.

By: Grégory Claeys Topic: Banking and capital markets, European Parliament, Testimonies Date: June 9, 2021
Read article
 

Blog Post

European governance

Emergency Liquidity Assistance: A new lease of life or kiss of death?

Use of Emergency Liquidity Assistance to prop up euro-area banks needs to be more transparent; available evidence suggests its use has not always been within the rules.

By: Francesco Papadia and Leonardo Cadamuro Topic: European governance, Macroeconomic policy Date: May 28, 2021
Read article
 

Opinion

European governance

The ECB needs political guidance on secondary objectives

While EU Treaties clearly stipulate that the ECB “shall support the general objectives of the European Union”, it is not appropriate to simply stand by, wishing that the ECB will use its discretionary power to act on them. Political institutions of the EU should prioritise the secondary goals to legitimise the ECB’s action.

By: Pervenche Béres, Grégory Claeys, Nik de Boer, Panicos O. Demetriades, Sebastian Diessner, Stanislas Jourdan, Jens van ‘t Klooster and Vivien Schmidt Topic: European governance, Macroeconomic policy Date: April 22, 2021
Load more posts