What is cybersecurity?
Cybersecurity is the set of activities designed to ensure the confidentiality, integrity and availability of information and/or information systems. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved.
Why is cybersecurity important?
In today's connected and digitized world, it is important that the general public, operators, businesses and institutions have the awareness and preparation needed to protect their own data and information, both in general and when using online financial services (e.g. transactions using payment or investment apps, cards, etc.). On an individual level, cyberattacks can lead to identity theft, extortion attempts, loss of sensitive data, fraud, and significant financial loss.
Similarly, it is important for financial system operators to protect their assets, infrastructure and information systems from cyber threats, because we are all dependent on critical infrastructure such as power plants, hospitals, or businesses providing financial services (e.g. banks, financial market infrastructures, ICT and network infrastructures).
Protecting ourselves from cyber risk, as individuals, operators, companies and service providers, is essential to keep our society functioning and guarantee the security of the economic and financial activities of all members of the public, operators, businesses and administrations.
What is cyber risk?
Cyber risk is defined as the combination of the probability of cyber incidents occurring and their impact.
Why is it important to ensure cybersecurity in the financial system?
The financial sector is making ever greater use of technology and is open to innovation. While the digital transformation process brings benefits to the economy and to users in terms of the reliability, efficiency and range of available services, it also exposes them to new risks. Cybersecurity risks are chief among these.
As well as being exposed to operational incidents, the financial system is a particularly attractive target for cyber criminals, who are able to conduct highly profitable operations and pursue multiple objectives by striking different targets at once and carrying out interconnected criminal acts (such as extortion, data and sensitive information theft, and money laundering).
Given the high degree of technological intensity and the level of interconnection in the activities of operators, cyber risk can easily spread among different entities and sectors. Under certain conditions, it could produce systemic impacts and ripple effects which, in extreme cases, may affect the continuity of service of individual or multiple operators and, potentially, the financial stability and the proper functioning of the economy.
Cyber risks are equally insidious for end-users, whether they be young people, members of the public or businesses, all of whom increasingly rely on digital financial services, such as home banking or online payment systems, including those that operate through mobile devices.
Cyber risk is therefore a particularly insidious and complex challenge for the financial system, and requires the collaboration of all stakeholders ‒ authorities, operators, users and the public.
What is the role of central banks and financial system authorities in addressing cyber risk?
Central banks and the financial system authorities are tasked with ensuring the availability of the financial system and that it functions properly and securely.
They are committed at national, European and international level to the digitization of financial services while ensuring their safety and sustainability, in cooperation with other institutions and operators.
Why does Banca d'Italia deal with cybersecurity in the financial system?
Cyber risk poses a significant threat to the financial system, to participants and to the public. Banca d'Italia is responsible for ensuring:
- the stability and continuity of service of the financial system. By law, Banca d'Italia is responsible for safeguarding the stability of the national financial system. To this end, Banca d'Italia exercises micro-prudential supervision over individual financial institutions and implements macro-prudential policies geared towards the system as a whole;
- adequate and updated rules to prevent and combat cyber risk. In liaison with the various national, European and international forums, Banca d'Italia contributes to defining and implementing standards and rules to strengthen the cyber resilience of individual institutions and the system as a whole;
- the smooth functioning of supervision and oversight activities, in accordance with its legal mandate;
- cooperation with the authorities in the financial sector and other sectors;
- public-private cooperation and information sharing on cyber risks, through initiatives such as CERTFin and the ECRB;
- improved risk awareness, as well as the financial protection, awareness and education of users.