Regulatory

Global: ECB Directs Banks to Develop Action Plans Against AI-Driven Cyber Threats

0
ECB Directs Banks to Develop Action Plans Against AI-Driven Cyber Threats

The European Central Bank (ECB) has instructed major banks across the euro area to develop comprehensive action plans to strengthen their resilience against artificial intelligence (AI)-enabled cyber threats, warning that emerging AI models could significantly alter the cybersecurity risk landscape for the financial sector.

The directive follows growing concerns among regulators worldwide over the increasing capabilities of advanced AI systems, including cybersecurity-focused models such as Anthropic’s Mythos, which the ECB said could have far-reaching implications for the security and resilience of financial institutions’ technology infrastructure.

Banks Given October Deadline

In a letter addressed to the chief executives of significant banking institutions, the ECB requested that banks submit detailed action plans by the end of October outlining how they intend to mitigate AI-related cybersecurity risks.

To allow institutions to prioritise this work, the central bank also extended the deadline for its separate Information Technology (IT) risk questionnaire to February 2027.

Immediate Priorities

The ECB urged banks to take immediate steps to strengthen their cybersecurity posture by accelerating software patch management across their systems, improving threat monitoring and detection capabilities, and reinforcing oversight of third-party technology providers.

The central bank also emphasised the importance of protecting internet-facing systems, perimeter technologies, third-party software, and open-source components, describing these assets as critical areas requiring enhanced safeguards as AI-powered cyber threats continue to evolve.

According to the ECB, strengthening these areas will better position financial institutions to respond to increasingly sophisticated cyberattacks enabled by artificial intelligence.

Long-Term Operational Resilience

Beyond immediate defensive measures, the ECB encouraged banks to modernise legacy technology infrastructure and strengthen their long-term operational resilience.

Recommended measures include improving incident response and recovery capabilities, enhancing crisis management frameworks, and expanding information-sharing arrangements to improve collective preparedness against emerging cyber threats.

The regulator indicated that financial institutions should view AI-related cybersecurity risks as part of a broader technology risk management strategy rather than as isolated threats.

Quantum Computing Also on Regulatory Agenda

The ECB noted that artificial intelligence is not the only emerging technology expected to reshape cybersecurity risks in the financial sector.

It informed banks that additional regulatory guidance addressing the potential cybersecurity implications of quantum computing will be issued separately in the future.

European Risk Watchdogs Raise Concerns

The European Systemic Risk Board (ESRB) has also warned that frontier AI models present new systemic cybersecurity challenges for financial institutions.

According to the ESRB, while advanced AI technologies are expected to strengthen cyber resilience over the long term, they may provide cybercriminals with enhanced capabilities in the short to medium term by enabling faster identification of software vulnerabilities and more sophisticated cyberattacks.

The board also highlighted strategic concerns arising from the concentration of leading AI developers outside the European Union, warning that reliance on foreign AI providers could create broader geopolitical and technology dependency risks for the region.

The ECB’s latest directive reflects growing regulatory efforts to ensure financial institutions strengthen cyber resilience as artificial intelligence becomes increasingly integrated into both defensive security systems and the evolving threat landscape.

Global: UK Fintech Kord Raises £6.4 Million to Expand Digital Identity and Payment Solutions

Previous article

You may also like

Comments

Comments are closed.

More in Regulatory