2. Practical issues and challenges to achieving greater convergence in CIR
The 2022 survey augmented and refined the stocktake in 2021 [FSB (2021).], delving more deeply into understanding: (i) the most common reporting objectives for financial authorities; (ii) the types of incident reporting used to support common objectives; (iii) impediments to sharing information between financial authorities; (iv) the information items exchanged as part of incident data collections; (v) aspects considered for impact/materiality thresholds that trigger reporting obligations; and (vi) practical issues financial authorities and FIs have in collecting or using the reported cyber information. This work identified many commonalities in CIR frameworks across jurisdictions and sectors. This includes commonalities in reporting objectives, the types of data collected on incidents and the use of criteria or materiality thresholds to trigger FIs' reporting obligations (i.e. institution-initiated reporting). (See Annex A for more analysis of the survey findings.)