Opinion

Europe’s banking union must be cyberproofed

The EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks

By: Date: January 30, 2020 Topic: Finance & Financial Regulation

This opinion piece was originally published in Corriere della Sera, Nikkei Veritas and Politico.

Corriere della Sera logo

Politico logo

When European leaders, back in 2012, embarked on an ambitious plan to create a truly pan-continental financial system, they overlooked one important detail: how to protect it from cyberattacks.

Banks have remained closely tied to national governments, including in cases of financial stress, as the so-called banking union is only half-finished. And because the European Union’s cybersecurity authorities are national, banks are also in tight lockstep with their country’s security authorities.

With much of the debate focused on how to facilitate better cross-border banking, the security vulnerabilities emanating from an integrated financial system are hardly discussed. Some policymakers even worry that labeling the financial system as critical infrastructure would stall the banking union agenda.

Ignoring the cyber risks involved would be madness.

Imagine a social media attack that leads to a bank run, as occurred in Bulgaria in 2014, or a large-scale electricity blackout caused by cyberattacks, as happened with the December 2015 Kyiv power outage. We might even see a full-blown attack on a country bigger than Estonia, which was targeted in 2007, or a more extreme case where the payment system goes down for a day.

Ignoring the cyber risks involved would be madness.

Any of these would disrupt the daily lives of millions of people and countless businesses, which rely on continuous access to financial services.

Of course, the prime responsibility for providing those services lies with the financial institutions themselves. In fact, all major financial institutions are investing substantially in cybersecurity. And for good reason: Surveys indicate that the number of cyberattacks are increasing.

But under the current set up, the EU’s financial system is unprepared to respond to such an attack.

Currently, when major attacks happen, the banks’ first port of call is to inform their national authorities, which do not readily exchange information with their counterparts in other countries. The European banking supervisor, the European Central Bank, has to interact with various national security agencies when it comes to cyber occurrences that fall under its remit. And the EU has never conducted a cybersecurity preparedness exercise for the bloc’s financial system — much in contrast with the G7, which undertook such an exercise under the leadership of the French central bank.

The financial system’s vulnerabilities would be exacerbated in a truly pan-European banking union.

Take, for example, an attack on a bank that provides financial services in several countries. What incentives would the national security agency of the country where the bank is headquartered have to address cyber problems in third countries?

In the eurozone, the lack of security cooperation would also harm the provision of financial services, because a cyberattack that undermines trust in payments would immediately be a concern for all euro area countries. Just as money laundering and financial crimes are more than an embarrassment for the ECB, cyber vulnerabilities would threaten the entire common currency area.

At the very least, the EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks — an important growth segment in the insurance industry and an important contributor to reducing and assessing risks.

But if the EU wants to truly complete its banking union, it will have to go even further and create a much more tightly integrated cybersecurity infrastructure. The EU’s agency for cybersecurity, ENISA, is small and mostly provides support to national authorities. It could not provide for the cyber safety of a highly integrated European financial system.

European Commission President Ursula von der Leyen, who kickstarted Germany’s cybersecurity infrastructure as the country’s defense minister, should now invest political capital in creating a fully operational cybersecurity authority for the EU. Having one authority would be cheaper than having many national ones, and it would also be more effective, for example when it comes to attracting talent.

It’s time for Europe’s policymakers to send a clear signal: If they integrate further financially, they have to accept much greater levels of security cooperation.

The banking union emerged from an existential financial threat. But unless the EU coordinates better on cybersecurity, it risks becoming a threat itself.


Republishing and referencing

Bruegel considers itself a public good and takes no institutional standpoint.

Due to copyright agreements we ask that you kindly email request to republish opinions that have appeared in print to [email protected].

Read about event More on this topic
 

Past Event

Past Event

The Sound of Economics Live: The macroeconomic policy response to the COVID-19 crisis

Which macroeconomic policy response is the best option to deal with the crisis currently unfolding and will ensure that the recovery will be as quick as possible?

Speakers: Grégory Claeys, Giuseppe Porcaro, Lucrezia Reichlin and Guntram B. Wolff Topic: European Macroeconomics & Governance Location: Bruegel, Rue de la Charité 33, 1210 Brussels Date: March 31, 2020
Read article Download PDF More on this topic
 

External Publication

Facing the lower bound: what will the ECB do in the next recession?

In responding to the global financial crisis, the ECB has pushed its monetary policy into unchartered territories . Today, it appears increasingly constrained by persistently low interest rates. This paper seeks to understand this challenge and assess whether its toolkit would allow the ECB to weather a European recession.

By: Aliénor Cameron, Grégory Claeys and Maria Demertzis Topic: European Macroeconomics & Governance Date: March 27, 2020
Read article
 

Blog Post

COVID-19 Fiscal response: What are the options for the EU Council?

It is time for the EU Council to make quick progress on the fiscal front and announce something as soon as possible to show that it taken full measure of the severity of the situation.

By: Grégory Claeys and Guntram B. Wolff Topic: European Macroeconomics & Governance Date: March 26, 2020
Read about event More on this topic
 

Past Event

Past Event

The Sound of Economics Live: Banks and Loan Losses in the Pandemic Turmoil

At this online event we will record an episode of the Sound of Economics, Bruegel's podcast series. In this episode, we discuss the implications of the coronavirus crisis on financial stability and credit availability.

Speakers: Giuseppe Porcaro, Nicolas Véron and Guntram B. Wolff Topic: Finance & Financial Regulation Date: March 25, 2020
Read article More on this topic
 

Blog Post

Coronavirus and the politics of a common fiscal instrument

Coronavirus means many European Union countries will soon face major increases in their sovereign debt burdens, exacerbated by the sudden collapse of economic activity. What should the European Union do to address these debt problems?

By: Mark Hallerberg and Stavros Zenios Topic: European Macroeconomics & Governance Date: March 25, 2020
Read article More on this topic More by this author
 

Blog Post

What should be done to reduce euro-area spreads?

Spreads are rising again in the euro-area at the worst possible time, when fiscal policy is needed to fight the coronavirus pandemic and the related economic shock. This blog post reviews the main options available to European policymakers, their feasibility and potential effectiveness to deal with this issue.

By: Grégory Claeys Topic: European Macroeconomics & Governance Date: March 18, 2020
Read article More on this topic More by this author
 

Opinion

The European coronavirus response must be a solution, not more stigma

Lagarde needs a different bazooka in responding to a natural disaster like COVID-19.

By: Rebecca Christie Topic: European Macroeconomics & Governance Date: March 18, 2020
Read article More on this topic More by this author
 

Blog Post

Be bold now: coronavirus, the Eurogroup and fiscal safety nets

This blog post sketches two scenarios: one in which countries provide a large fiscal safety net to companies and another in which they do not. Both lead to similar debt-to-GDP ratios in 2021, but the safety net leads to a smaller and shorter recession and a quicker rebound. We then discuss how to fund a large response without fragmenting the euro area. Until the lockdowns end, such measures should be implemented.

By: Guntram B. Wolff Topic: European Macroeconomics & Governance Date: March 17, 2020
Read article More on this topic
 

Blog Post

Inflation targets: revising the European Central Bank’s monetary framework

The ECB is looking to evaluate whether its definition of price stability is effective in helping anchor inflation expectations. We argue that the current definition does not make for a very good focal point. To become a focal point the ECB needs to do two things. Price stability should be defined as inflation at 2 percent,. Remove therefore the unnecessary ambiguity of "below but close to 2 percent". But that is not enough. Around that 2 percent, the ECB should say which levels of inflation it is prepared to tolerate. There need to be explicit bands defined around that 2 percent to provide a framework for economic agents to evaluate Central Bank performance. And as the ECB will have to operate under high levels fo uncertainty these bands need to be wider than tolerance of inflation between 1 and 3 percent, which is what many inflation targeting Central Banks have tolerated over the years.

By: Maria Demertzis and Nicola Viegi Topic: European Macroeconomics & Governance Date: February 20, 2020
Read article Download PDF
 

Policy Contribution

European Parliament

From climate change to cyber attacks: Incipient financial-stability risks for the euro area

The European Central Bank’s November 2019 Financial Stability Review highlighted the risks to growth in an environment of global uncertainty. On the whole, the ECB report is comprehensive and covers the main risks to euro-area financial stability, we highlight issues that deserve more attention.

By: Zsolt Darvas, Marta Domínguez-Jiménez and Guntram B. Wolff Topic: European Macroeconomics & Governance, European Parliament, Finance & Financial Regulation, Testimonies Date: February 6, 2020
Read article More on this topic
 

Blog Post

Libra as a currency board: are the risks too great?

The Libra Association claims it will be analogous to a currency board regime, but they have overlooked the problems of monetary management that come with it

By: Julia Anderson and Francesco Papadia Topic: Innovation & Competition Policy Date: January 27, 2020
Read article More on this topic More by this author
 

Opinion

European capital markets union, by rule and by choice

While the euro is now a leading global currency and the European Central Bank has become a comprehensive banking supervisor, Europe’s markets have been treading water.

By: Rebecca Christie Topic: Finance & Financial Regulation Date: January 23, 2020
Load more posts