Opinion

Europe’s banking union must be cyberproofed

The EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks

By: Date: January 30, 2020 Topic: Finance & Financial Regulation

This opinion piece was originally published in Corriere della Sera, Nikkei Veritas and Politico.

When European leaders, back in 2012, embarked on an ambitious plan to create a truly pan-continental financial system, they overlooked one important detail: how to protect it from cyberattacks.

Banks have remained closely tied to national governments, including in cases of financial stress, as the so-called banking union is only half-finished. And because the European Union’s cybersecurity authorities are national, banks are also in tight lockstep with their country’s security authorities.

With much of the debate focused on how to facilitate better cross-border banking, the security vulnerabilities emanating from an integrated financial system are hardly discussed. Some policymakers even worry that labeling the financial system as critical infrastructure would stall the banking union agenda.

Ignoring the cyber risks involved would be madness.

Imagine a social media attack that leads to a bank run, as occurred in Bulgaria in 2014, or a large-scale electricity blackout caused by cyberattacks, as happened with the December 2015 Kyiv power outage. We might even see a full-blown attack on a country bigger than Estonia, which was targeted in 2007, or a more extreme case where the payment system goes down for a day.

Any of these would disrupt the daily lives of millions of people and countless businesses, which rely on continuous access to financial services.

Of course, the prime responsibility for providing those services lies with the financial institutions themselves. In fact, all major financial institutions are investing substantially in cybersecurity. And for good reason: Surveys indicate that the number of cyberattacks is increasing.

But under the current setup, the EU’s financial system is unprepared to respond to such an attack.

Currently, when major attacks happen, the banks’ first port of call is to inform their national authorities, which do not readily exchange information with their counterparts in other countries. The European banking supervisor, the European Central Bank, has to interact with various national security agencies when it comes to cyber occurrences that fall under its remit. And the EU has never conducted a cybersecurity preparedness exercise for the bloc’s financial system — much in contrast with the G7, which undertook such an exercise under the leadership of the French central bank.

The financial system’s vulnerabilities would be exacerbated in a truly pan-European banking union.

Take, for example, an attack on a bank that provides financial services in several countries. What incentives would the national security agency of the country where the bank is headquartered have to address cyber problems in third countries?

In the eurozone, the lack of security cooperation would also harm the provision of financial services, because a cyberattack that undermines trust in payments would immediately be a concern for all euro area countries. Just as money laundering and financial crimes are more than an embarrassment for the ECB, cyber vulnerabilities would threaten the entire common currency area.

At the very least, the EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks — an important growth segment in the insurance industry and an important contributor to reducing and assessing risks.

But if the EU wants to truly complete its banking union, it will have to go even further and create a much more tightly integrated cybersecurity infrastructure. The EU’s agency for cybersecurity, ENISA, is small and mostly provides support to national authorities. It could not provide for the cyber safety of a highly integrated European financial system.

European Commission President Ursula von der Leyen, who kickstarted Germany’s cybersecurity infrastructure as the country’s defense minister, should now invest political capital in creating a fully operational cybersecurity authority for the EU. Having one authority would be cheaper than having many national ones, and it would also be more effective, for example when it comes to attracting talent.

It’s time for Europe’s policymakers to send a clear signal: If they integrate further financially, they have to accept much greater levels of security cooperation.

The banking union emerged from an existential financial threat. But unless the EU coordinates better on cybersecurity, it risks becoming a threat itself.


Republishing and referencing

Bruegel considers itself a public good and takes no institutional standpoint.
