Skip to main content
Version date: 13 April 2023 - onwards

Annex A: 2022 Survey findings

This annex summarises the findings drawn from the responses received on the survey conducted in February 2022 related to financial authorities' reporting objectives, types of reporting and reporting criteria.

1. Reporting objectives

Financial authorities use information from cyber incidents for different purposes depending on, for instance, their respective mandates. From an initial set of 10 unique responses, the list was further consolidated to six reporting objectives as follows:

A. To support management of the impacts arising from a cyber incident at one or more institutions (87%)

B. To play an active role in the technical resolution of a cyber incident at one or more institutions (13%)

C. To build understanding and/or support coordination of sector-wide cyber incidents (96%)

D. To inform supervisory understanding of the risk profile and/or capabilities at affected institutions (83%)

E. To identify potential weaknesses or areas for improvement in current regulation or requirements (78%)

F. To provide a consolidated source of incident data, trends, threats and/or risks across peer firms or the financial sector as a whole (87%)