Executive summary
Cyber incidents are rapidly growing in frequency and sophistication. At the same time, the cyber threat landscape is expanding amid digital transformation, increased dependencies on third-party service providers and geopolitical tensions. The interconnectedness of the global financial system makes it possible that a cyber incident at one financial institution (FI) (or an incident at one of its third-party service providers) could have spill-over effects across borders and sectors.
Recognising that timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability, the G20 asked the FSB to deliver a report on achieving greater convergence in cyber incident reporting (CIR). To meet this call, the FSB conducted work to promote greater convergence in CIR in three ways: (i) setting out recommendations to address the issues identified as impediments to achieving greater harmonisation in incident reporting; (ii) enhancing the Cyber Lexicon [FSB (2023), Cyber Lexicon: Updated in 2023, April.] to include additional terms related to CIR, since a 'common language' is necessary for increased convergence; and (iii) identifying common types of information that are submitted by FIs to authorities for CIR purposes, which culminated in a concept for a common format for incident reporting exchange (FIRE) to collect incident information from FIs and use between themselves. FIRE would be flexible to allow a range of adoption choices and include the most relevant data elements for financial authorities.