1 minute read
Monthly summary reports Critical alerts
Monthly
Single Excel Worksheet
Interim report(s): one Excel worksheet per report
Closing report: Single Excel worksheet
Institutions were required to communicate in their monthly reports any IT security incident that, as a result of an unforeseen event, had an adverse impact on their IT network or information systems and the data stored within or processed by them. Furthermore, a number of incidents may be considered critical on the basis of the criteria developed by the CBH (involvement of systems supporting critical functions, disclosure of customer data or financial sector secrets such as bank or securities secrets), and these incidents had more detailed reporting requirements. Critical incidents were subject to three levels of reporting: the initial report, the interim report, and the final report. The following incidents were to be considered critical in all cases:
• events that attract the attention of the press,
• unauthorised access to personal data of multiple customers involving bank secrets, payment secrets, insurance secrets, securities secrets, or fund secrets (e.g., data leakage, successful phishing),
• unauthorised activity in the IT system (e.g., external or internal fraud) resulting in data modification involving multiple customers,
• services considered critical based on the institution’s Business Impact Analysis (BIA), that are expected to be down for more than 1 hour or below normal service levels, with a specific focus on:
• electronic channels (online sales channels, payment cards, Internet banking and electronic payments),
• account management in the case of credit institutions, investment companies and investment funds.
The explicit aim of the project was that the results of the analysis of the data collected and processed through the new structure and wider incident reporting would provide a more accurate picture of threat areas and trends, where sufficient data was not available in the previous period. Another objective was to test the new form of the reporting process in a live environment. This will provide valuable practical “field experience” to support future efforts and initiatives to improve incident reporting systems and processes. During the Pilot Project, the participating institutions reported incidents in the new structure and on a broad scale. With the end of the Pilot Project, the next phase of the “Cyber Threat Landscape” publication project was the development of this report.
