ENISA - Securing the EU’s Finance Sector: Prospects and Priorities from the NIS perspective
January 2015 by ENISA
ENISA has published its latest research on Network and Information Security (NIS) for the EU’s Finance Sector, with information on the regulatory landscape and Industry priorities, at a strategic and governance level.
The research aims at understanding and comparing the obligations relevant to Information Security within the finance sector in most of the EU28 Member States; to compare them with the Industry’s prospects; and to draw a clear vision of important priorities for the future.
In addition, the study aims to understand the differences between the objectives of regulations and the priorities in the industry and reveals the different approaches in the EU28 Member States relating to NIS supervision. The work is based on a stock-taking approach including:
1. Identification of national NIS requirements;
2. Interviews with national financial supervisory authorities, European authorities and Industry representatives.
The report reveals several desirable objectives:
- the convergence of supervision practices on NIS matters,
- the need for clear definitions of guidelines for both compliance and good practices,
- the need to improve proactive cooperation on NIS challenges.
The study shows that large international banking groups demonstrate a good understanding of the Risk Landscape and the available Security schemes. Many banks have introduced enhanced good practices, especially in the area of IT governance, while medium-sized stakeholders demonstrate limited top management involvement and capacity to be certified against current international standards, and a de-prioritisation of security investments. Such differences are to be expected. The aim is to understand where such prospects could actually impair financial resilience altogether.
ENISA’s Executive Director, Udo Helmbrecht, commented: “Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of prevention and protection measures in all sectors, naturally including the finance sector. ENISA will continue to contribute in improving information security baselines and supporting cooperation initiatives in the finance sector through its expertise, by supporting the ECB and European Finance sector’s Authorities in organising stress tests, enabling secure usage of Cloud-based services and developing a guidebook on pan-European security measures.”
The report is primarily intended for CISOs/CIOs/CTOs of the Finance sector, NIS Experts in National Financial Supervisory Authorities, NIS Experts in the ESFS (EBA, ESMA, EIOPA), and Professional Associations. A number of recommendations are proposed with regard to the future of NIS in the Finance sector, along with high-level background information related to the specifics of the European Finance System.