Financial Institutions and Cybercrime
Although cyber-attacks have so far had a limited impact on the French financial sector, they represent a serious threat to IT security, business continuity and data protection for banking institutions and insurance companies. The emergence of these new risks is a matter of special attention for the supervisors. Regulations on internal control and management of operational risk form the cornerstone of the prevention frameworks already in place, that have to be completed by the development of a proactive monitoring allowing to identify the evolving threats and to define the appropriate protection tools. The ACPR considers that progress has to be made in priority in implementing more efficient access right management and IT intrusion detection systems. Cooperation between public and private stakeholders is key, both for conducting industry-wide exercises allowing to test the companies’ robustness and for improving the identification of threats with an increased exchange of information. Finally, the action of the supervisor must be part of a European or international framework, in order to ensure the coordination of initiatives.