Opinion

Europe’s banking union must be cyberproofed

The EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks

By: Date: January 30, 2020 Topic: Finance & Financial Regulation

This opinion piece was originally published in Corriere della Sera, Nikkei Veritas and Politico.

Corriere della Sera logo

Politico logo

When European leaders, back in 2012, embarked on an ambitious plan to create a truly pan-continental financial system, they overlooked one important detail: how to protect it from cyberattacks.

Banks have remained closely tied to national governments, including in cases of financial stress, as the so-called banking union is only half-finished. And because the European Union’s cybersecurity authorities are national, banks are also in tight lockstep with their country’s security authorities.

With much of the debate focused on how to facilitate better cross-border banking, the security vulnerabilities emanating from an integrated financial system are hardly discussed. Some policymakers even worry that labeling the financial system as critical infrastructure would stall the banking union agenda.

Ignoring the cyber risks involved would be madness.

Imagine a social media attack that leads to a bank run, as occurred in Bulgaria in 2014, or a large-scale electricity blackout caused by cyberattacks, as happened with the December 2015 Kyiv power outage. We might even see a full-blown attack on a country bigger than Estonia, which was targeted in 2007, or a more extreme case where the payment system goes down for a day.

Ignoring the cyber risks involved would be madness.

Any of these would disrupt the daily lives of millions of people and countless businesses, which rely on continuous access to financial services.

Of course, the prime responsibility for providing those services lies with the financial institutions themselves. In fact, all major financial institutions are investing substantially in cybersecurity. And for good reason: Surveys indicate that the number of cyberattacks are increasing.

But under the current set up, the EU’s financial system is unprepared to respond to such an attack.

Currently, when major attacks happen, the banks’ first port of call is to inform their national authorities, which do not readily exchange information with their counterparts in other countries. The European banking supervisor, the European Central Bank, has to interact with various national security agencies when it comes to cyber occurrences that fall under its remit. And the EU has never conducted a cybersecurity preparedness exercise for the bloc’s financial system — much in contrast with the G7, which undertook such an exercise under the leadership of the French central bank.

The financial system’s vulnerabilities would be exacerbated in a truly pan-European banking union.

Take, for example, an attack on a bank that provides financial services in several countries. What incentives would the national security agency of the country where the bank is headquartered have to address cyber problems in third countries?

In the eurozone, the lack of security cooperation would also harm the provision of financial services, because a cyberattack that undermines trust in payments would immediately be a concern for all euro area countries. Just as money laundering and financial crimes are more than an embarrassment for the ECB, cyber vulnerabilities would threaten the entire common currency area.

At the very least, the EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks — an important growth segment in the insurance industry and an important contributor to reducing and assessing risks.

But if the EU wants to truly complete its banking union, it will have to go even further and create a much more tightly integrated cybersecurity infrastructure. The EU’s agency for cybersecurity, ENISA, is small and mostly provides support to national authorities. It could not provide for the cyber safety of a highly integrated European financial system.

European Commission President Ursula von der Leyen, who kickstarted Germany’s cybersecurity infrastructure as the country’s defense minister, should now invest political capital in creating a fully operational cybersecurity authority for the EU. Having one authority would be cheaper than having many national ones, and it would also be more effective, for example when it comes to attracting talent.

It’s time for Europe’s policymakers to send a clear signal: If they integrate further financially, they have to accept much greater levels of security cooperation.

The banking union emerged from an existential financial threat. But unless the EU coordinates better on cybersecurity, it risks becoming a threat itself.


Republishing and referencing

Bruegel considers itself a public good and takes no institutional standpoint.

Due to copyright agreements we ask that you kindly email request to republish opinions that have appeared in print to [email protected].

Read article Download PDF
 

Policy Contribution

Is the COVID-19 crisis an opportunity to boost the euro as a global currency?

The euro never challenged the US dollar, and its international status declined with the euro crisis. Faced with a US administration willing to use its hegemonic currency to extend its domestic policies beyond its borders, Europe is reflecting on how to promote it currency on the global stage to ensure its autonomy. But promoting a more prominent role for the euro is difficult and involves far-reaching changes to the fabric of the monetary union.

By: Grégory Claeys and Guntram B. Wolff Topic: European Macroeconomics & Governance, Global Economics & Governance Date: June 5, 2020
Read article More on this topic
 

Opinion

The Independence of the Central Bank at Risk

The ruling of the German Federal Constitutional Court (GFCC) of May 5 on the ECB’s monetary policy affects not only the relation of Germany to the European Central Bank (ECB) and the Court of Justice of the European Union (ECJ) but also the constitutional foundations of monetary policy.

By: Peter Bofinger, Martin Hellwig, Michael Hüther, Monika Schnitzer, Moritz Schularick and Guntram B. Wolff Topic: European Macroeconomics & Governance Date: June 2, 2020
Read article Download PDF
 

Policy Contribution

COVID-19’s reality shock for external-funding dependent emerging economies

COVID-19 is by far the biggest challenge policymakers in emerging economies have had to deal with in recent history. Beyond the potentially large negative impact on these countries’ fiscal accounts, and the related solvency issues, worsening conditions for these countries’ external funding are a major challenge.

By: Alicia García-Herrero and Elina Ribakova Topic: Finance & Financial Regulation, Global Economics & Governance Date: May 28, 2020
Read article Download PDF More by this author
 

Policy Contribution

European Parliament

The European Central Bank in the COVID-19 crisis: whatever it takes, within its mandate

To keep the euro-area economy afloat, the European Central Bank has put in place a large number of measures since the beginning of the COVID-19 crisis. This response has triggered fears of a future increase in inflation. However, the ECB's new measures and the resulting increase in the size of its balance sheet, even if it were to be permanent, should not restrict its ability to achieve its price-stability mandate, within its legal obligations.

By: Grégory Claeys Topic: European Macroeconomics & Governance, European Parliament, Testimonies Date: May 20, 2020
Read article More on this topic More by this author
 

Opinion

The message in the ruling

The German Constitutional Court's ruling on the ECB's asset purchase programme is open to much criticism but it can hardly be blamed for raising an important question.

By: Jean Pisani-Ferry Topic: European Macroeconomics & Governance Date: May 12, 2020
Read about event
 

Past Event

Past Event

Tackling the rise of cybercrime amid COVID-19 with Ylva Johansson

How can the European Union fight the cybercriminals that are exploiting the coronavirus crisis?

Speakers: Ylva Johansson, Michael Peel and Guntram B. Wolff Topic: European Macroeconomics & Governance, Innovation & Competition Policy Location: Bruegel, Rue de la Charité 33, 1210 Brussels Date: May 7, 2020
Read article More on this topic More by this author
 

Podcast

Podcast

An analysis of the German Constitutional Court's ruling on the ECB QE programme

The German Constitutional called today on the ECB to justify its bond-buying program. What does today's ruling of the German Constitutional Court mean for the ECB's QE program? Could such a decision open a precedent when it comes to contesting EU law? Today, Giuseppe Porcaro and Guntram Wolff are joined by Franz Mayer, chair of Public Law at the University of Belefield, to analyse the German Constitutional Court's ruling.

By: The Sound of Economics Topic: European Macroeconomics & Governance Date: May 5, 2020
Read about event More on this topic
 

Past Event

Past Event

The Sound of Economics Live: An analysis of the German Constitutional Court ruling on the ECB QE programme

What does today's ruling of the German Constitutional Court mean for the ECB's Quantitative Easing programmme

Speakers: Franz Mayer, Giuseppe Porcaro and Guntram B. Wolff Topic: European Macroeconomics & Governance Location: Bruegel, Rue de la Charité 33, 1210 Brussels Date: May 5, 2020
Read article More on this topic
 

Opinion

Monetisation: do not panic

The extraordinary operations that are under way in most countries in response to the COVID-19 shock have raised fears that large-scale monetisation will result in a major inflation episode. This column argues that so far, there is no evidence that central banks have given up, or are preparing to give up, on their price stability mandate. While there are obviously some reasons to worry, central banks are doing the right thing and the authors see no reason to panic.

By: Olivier Blanchard and Jean Pisani-Ferry Topic: Finance & Financial Regulation Date: April 14, 2020
Read about event More on this topic
 

Past Event

Past Event

The Sound of Economics Live: The macroeconomic policy response to the COVID-19 crisis

Which macroeconomic policy response is the best option to deal with the crisis currently unfolding and will ensure that the recovery will be as quick as possible?

Speakers: Grégory Claeys, Giuseppe Porcaro, Lucrezia Reichlin and Guntram B. Wolff Topic: European Macroeconomics & Governance Location: Bruegel, Rue de la Charité 33, 1210 Brussels Date: March 31, 2020
Read article Download PDF More on this topic
 

External Publication

Facing the lower bound: what will the ECB do in the next recession?

In responding to the global financial crisis, the ECB has pushed its monetary policy into unchartered territories . Today, it appears increasingly constrained by persistently low interest rates. This paper seeks to understand this challenge and assess whether its toolkit would allow the ECB to weather a European recession.

By: Aliénor Cameron, Grégory Claeys and Maria Demertzis Topic: European Macroeconomics & Governance Date: March 27, 2020
Read article
 

Blog Post

COVID-19 Fiscal response: What are the options for the EU Council?

It is time for the EU Council to make quick progress on the fiscal front and announce something as soon as possible to show that it taken full measure of the severity of the situation.

By: Grégory Claeys and Guntram B. Wolff Topic: European Macroeconomics & Governance Date: March 26, 2020
Load more posts