In view of the increasing sophistication and pervasiveness of cyber threats in the financial sector, the Bank of Italy, the National Commission for Companies and the Stock Exchange (Consob) and the Italian Institute for the Supervision of Insurance (IVASS) have jointly adopted the TIBER-IT National Guidance as a reference method for individual financial entities to conduct advanced cybersecurity tests on a voluntary basis.
This Guidance is the national transposition of the Threat Intelligence‑Based Ethical Red teaming framework (TIBER-EU), issued by the ECB, a reference model for conducting advanced cybersecurity tests harmonised at the European level.
Financial entities carry out these tests, led by the cyber threat intelligence and according to their business and operating models and the relative risk scenarios. The goal is to strengthen the proactive defence capabilities of individual financial entities, making it possible improve the cyber resilience of the financial system as a whole and, therefore, its overall stability.
The Guidance is primarily addressed to the major operators and critical infrastructures of the financial system to ensure the continuity of key economic functions and services as well as their security and reliability, in line with the digital development of the economy and society.
Further details on the purpose and target audience of the Guidance, as well as on the testing methodology, are available in the Joint Communication by the three Authorities, namely the Bank of Italy, Consob and IVASS, and in the TIBER-IT National Guidance.