Navigation

zur Suche

You are here:

13 October 2022

G7 countries adopt reports on cybersecurity

Cybersecurity in the financial sector remains of key importance for the G7 countries. The G7 Cyber Expert Group established in 2015 to address this issue, represented in Germany by the Federal Ministry of Finance, the Bundesbank and the Federal Financial Supervisory Authority, drew up two additional reports during Germany’s G7 presidency this year that set out fundamental elements for risk management.

These were adopted by the G7 finance ministers and central bank governors in October 2022 and are of an advisory nature.

The G7 Fundamental Elements of Ransomware Resilience for the Financial Sector [pdf, 506KB] contain specific recommendations for financial market agents as to how they can address the increasing threat of ransomware attacks. Financial institutions should prepare themselves for a potential attack by clarifying in advance the measures to be taken in such an event, e.g. communication with stakeholders or ransom payment issues.

The G7 Fundamental Elements for Third Party Cyber Risk Management in the Financial Sector [pdf, 250KB] represent an update to the fundamental elements published on this topic back in 2018. The increasing use of service providers in the area of information and communication technology (third parties) by financial institutions and new forms of cyberattacks via third parties have made this update necessary. The update includes, for example, explicit recommendations for monitoring risks along the supply chain, which, in a nutshell, may refer to any procurement of ICT services – i.e. the deployment of IT service providers or the use of software or hardware, or a combination of these. The revised fundamental elements also contain recommendations for public authorities, such as identifying systemically important third-party providers and concentration risks.

Besides the fundamental elements just adopted, general fundamental elements for cybersecurity in the financial sector as well as for penetration tests and cyberexercises, amongst other things, have been published since 2016.