Financial Crime World

Germany Takes Lead on Cybersecurity in Banking Amid Rising Threats

Strengthening Financial Sector Defenses Against Growing Cyber Threats

In a bid to strengthen the country’s financial sector against growing cyber threats, Germany has made significant strides in cybersecurity. The Federal Ministry of Finance, Bundesbank and Federal Financial Supervisory Authority have worked together with the G7 Cyber Expert Group to develop new guidelines for risk management.

Key Developments

  • G7 Cyber Expert Group: Established in 2015, this group published two reports in 2022 outlining fundamental elements for ransomware resilience and third-party cyber risk management in the financial sector.
  • Reports Adopted by G7 Finance Ministers and Central Bank Governors: In October 2022, G7 finance ministers and central bank governors adopted the reports, which provide specific recommendations for financial institutions to mitigate the increasing threat of ransomware attacks.

Recommendations for Financial Institutions

  • Clear Plan in Place: Banks should have a clear plan in place in case of an attack, including communication strategies with stakeholders and guidelines on whether or not to pay ransoms.
  • Preparedness is Crucial: The emphasis on preparedness is seen as crucial in light of the rising number of successful ransomware attacks targeting financial institutions worldwide.

Update to Previous Guidance

The G7 Fundamental Elements for Third Party Cyber Risk Management in the Financial Sector represent a significant update to previous guidance published in 2018. The growing reliance on third-party service providers, such as IT service providers and software or hardware vendors, has led to an increased risk of cyber attacks via these channels.

Recommendations for Monitoring Risks Along the Supply Chain

  • Identify Systemically Important Third-Party Providers: Financial institutions should identify systemically important third-party providers and manage concentration risks.
  • Monitor Risks Along the Supply Chain: Institutions should monitor risks along the supply chain to ensure that third-party service providers are secure.

Germany’s Efforts Part of Broader G7 Push

Germany’s efforts to strengthen cybersecurity in the financial sector are part of a broader push by G7 countries to enhance their defenses against cyber threats. Since 2016, the group has published general fundamental elements for cybersecurity in the financial sector, as well as guidelines on penetration tests and cyberexercises.