Opinion

Europe’s banking union must be cyberproofed

The EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks

By: Date: January 30, 2020 Topic: Finance & Financial Regulation

This opinion piece was originally published in Corriere della Sera, Nikkei Veritas and Politico.

Corriere della Sera logo

Politico logo

When European leaders, back in 2012, embarked on an ambitious plan to create a truly pan-continental financial system, they overlooked one important detail: how to protect it from cyberattacks.

Banks have remained closely tied to national governments, including in cases of financial stress, as the so-called banking union is only half-finished. And because the European Union’s cybersecurity authorities are national, banks are also in tight lockstep with their country’s security authorities.

With much of the debate focused on how to facilitate better cross-border banking, the security vulnerabilities emanating from an integrated financial system are hardly discussed. Some policymakers even worry that labeling the financial system as critical infrastructure would stall the banking union agenda.

Ignoring the cyber risks involved would be madness.

Imagine a social media attack that leads to a bank run, as occurred in Bulgaria in 2014, or a large-scale electricity blackout caused by cyberattacks, as happened with the December 2015 Kyiv power outage. We might even see a full-blown attack on a country bigger than Estonia, which was targeted in 2007, or a more extreme case where the payment system goes down for a day.

Ignoring the cyber risks involved would be madness.

Any of these would disrupt the daily lives of millions of people and countless businesses, which rely on continuous access to financial services.

Of course, the prime responsibility for providing those services lies with the financial institutions themselves. In fact, all major financial institutions are investing substantially in cybersecurity. And for good reason: Surveys indicate that the number of cyberattacks are increasing.

But under the current set up, the EU’s financial system is unprepared to respond to such an attack.

Currently, when major attacks happen, the banks’ first port of call is to inform their national authorities, which do not readily exchange information with their counterparts in other countries. The European banking supervisor, the European Central Bank, has to interact with various national security agencies when it comes to cyber occurrences that fall under its remit. And the EU has never conducted a cybersecurity preparedness exercise for the bloc’s financial system — much in contrast with the G7, which undertook such an exercise under the leadership of the French central bank.

The financial system’s vulnerabilities would be exacerbated in a truly pan-European banking union.

Take, for example, an attack on a bank that provides financial services in several countries. What incentives would the national security agency of the country where the bank is headquartered have to address cyber problems in third countries?

In the eurozone, the lack of security cooperation would also harm the provision of financial services, because a cyberattack that undermines trust in payments would immediately be a concern for all euro area countries. Just as money laundering and financial crimes are more than an embarrassment for the ECB, cyber vulnerabilities would threaten the entire common currency area.

At the very least, the EU urgently needs to conduct joint preparedness exercises and create uniform information and disclosure requirements that help build a true pan-European insurance market for cyber risks — an important growth segment in the insurance industry and an important contributor to reducing and assessing risks.

But if the EU wants to truly complete its banking union, it will have to go even further and create a much more tightly integrated cybersecurity infrastructure. The EU’s agency for cybersecurity, ENISA, is small and mostly provides support to national authorities. It could not provide for the cyber safety of a highly integrated European financial system.

European Commission President Ursula von der Leyen, who kickstarted Germany’s cybersecurity infrastructure as the country’s defense minister, should now invest political capital in creating a fully operational cybersecurity authority for the EU. Having one authority would be cheaper than having many national ones, and it would also be more effective, for example when it comes to attracting talent.

It’s time for Europe’s policymakers to send a clear signal: If they integrate further financially, they have to accept much greater levels of security cooperation.

The banking union emerged from an existential financial threat. But unless the EU coordinates better on cybersecurity, it risks becoming a threat itself.


Republishing and referencing

Bruegel considers itself a public good and takes no institutional standpoint.

Due to copyright agreements we ask that you kindly email request to republish opinions that have appeared in print to [email protected].

View comments
Read article Download PDF

Policy Contribution

European Parliament

From climate change to cyber attacks: Incipient financial-stability risks for the euro area

The European Central Bank’s November 2019 Financial Stability Review highlighted the risks to growth in an environment of global uncertainty. On the whole, the ECB report is comprehensive and covers the main risks to euro-area financial stability, we highlight issues that deserve more attention.

By: Zsolt Darvas, Marta Domínguez-Jiménez and Guntram B. Wolff Topic: European Macroeconomics & Governance, European Parliament, Finance & Financial Regulation, Testimonies Date: February 6, 2020
Read article More on this topic

Blog Post

Libra as a currency board: are the risks too great?

The Libra Association claims it will be analogous to a currency board regime, but they have overlooked the problems of monetary management that come with it

By: Julia Anderson and Francesco Papadia Topic: Innovation & Competition Policy Date: January 27, 2020
Read article More on this topic More by this author

Opinion

European capital markets union, by rule and by choice

While the euro is now a leading global currency and the European Central Bank has become a comprehensive banking supervisor, Europe’s markets have been treading water.

By: Rebecca Christie Topic: Finance & Financial Regulation Date: January 23, 2020
Read article More on this topic More by this author

Blog Post

European green finance is expanding, a discount on bank capital would discredit it

If EU banks are to mobilise a greater share of loans for sustainable projects they will need a reliable policy framework, clear internal performance targets and the relevant skills. A discount on bank capital underlying such assets is neither justified nor likely effective. A comprehensive review of how climate risks are reflected in prudential regulation is nevertheless in order

By: Alexander Lehmann Topic: Energy & Climate Date: January 15, 2020
Read article More on this topic

Opinion

Politics, not policy will help Lagarde save the eurozone

Her success at helm of Europe’s central bank will depend on her ability to mend fences with hawkish policymakers.

By: Guntram B. Wolff and Rebecca Christie Topic: European Macroeconomics & Governance Date: November 4, 2019
Read article More on this topic More by this author

Opinion

How to ward off the next recession

Despite confident official pronouncements, the deteriorating state of the global economy is now high on the international policy agenda. The OECD recently revised down its forecasts to 1.5% growth in the advanced G20 economies in 2020, compared to almost 2.5% in 2017. And its chief economist Laurence Boone warned of the risk of further deterioration – a coded way of indicating a growing threat of recession.

By: Jean Pisani-Ferry Topic: Global Economics & Governance Date: October 2, 2019
Read article Download PDF

External Publication

European Parliament

Challenges ahead for the European Central Bank: Navigating in the dark?

Since the second half of 2018, signs of a slowdown have been piling up in the euro area. The ECB will face major challenges in this potentially difficult period: its main tools are nearly exhausted, the monetary union in which it operates is still incomplete, and it lacks the understanding of what the ‘new normal’ looks like. The authors, therefore, urge the ECB to review its strategy and framework to be able to face these challenges.

By: Grégory Claeys, Maria Demertzis and Francesco Papadia Topic: European Macroeconomics & Governance, European Parliament, Testimonies Date: September 25, 2019
Read article More on this topic More by this author

Podcast

Podcast

Deep Focus: What is a hybrid attack?

Hybrid attacks are fast, dynamic and ever-evolving. They can cross borders and span industries. They are best dealt with at the national level, but without international cooperation, nation-states are bound to be overwhelmed. So hybrid attacks must be repelled by responsive nation-states and by cooperative international bodies.

By: The Sound of Economics Topic: Innovation & Competition Policy Date: September 18, 2019
Read article Download PDF

Policy Contribution

European Parliament

Hybrid and cybersecurity threats and the European Union’s financial system

The authors document the rise in hybrid threats and cyber attacks in the European Union. Exploring preparations to increase the resilience of the financial system they find that at the individual institutional level, significant measures have been taken, but the EU finance ministers should advance a broader political discussion on the integration of the EU security architecture applicable to the financial system.

By: Maria Demertzis and Guntram B. Wolff Topic: European Macroeconomics & Governance, European Parliament, Finance & Financial Regulation, Testimonies Date: September 12, 2019
Read article More on this topic More by this author

External Publication

La Banca centrale europea

This external publication delves into the new responsibility given to the European Central Bank: supervision on banks in the euro-area. It tells its history and illustrates its functions, structure and responsibilities and the exceptional answers to respond to the "perfect storm" of the crisis.

By: Francesco Papadia Topic: European Macroeconomics & Governance Date: July 31, 2019
Read article More on this topic More by this author

Blog Post

Croatia’s path into the banking union

Croatia seems a suitable candidate for euro area accession: there is a tight peg to the euro, high public debt is coming down, and the banking sector is already dominated by euro area banks. But the Eurogroup has rightly targeted reforms of the state’s role in the economy as a precondition for participation in ERM II and the banking union. None of the announced reform plans are new or easily concluded within the timeframe that has now been agreed.

By: Alexander Lehmann Topic: European Macroeconomics & Governance Date: July 18, 2019
Read article More on this topic

Blog Post

‘Lo spread’: The collateral damage of Italy’s confrontation with the EU

The authors assess whether the European Commission's actions towards Italy since September 2018 have had a visible impact on the spread between Italian sovereign-bond yields and those of Germany, and particularly whether the Commission’s warnings have acted as a ‘signalling device’ for bond-market participants that it might be difficult for Italy to obtain the support of the ESM or the ECB’s OMT programme if needed.

By: Grégory Claeys and Jan Mazza Topic: European Macroeconomics & Governance Date: July 8, 2019
Load more posts