European Central Bank proposes framework to strengthen financial system’s defenses

The European Central Bank (ECB) wants to make penetration testing a regular practice.
A logo of the European central bank.

The European Central Bank (ECB) has published a framework for testing the preparedness of Europe’s financial systems for cyberattacks. 

The European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU), released on May 2, is the first Europe-wide plan for strengthening the cyberdefenses of the European Union’s banks, stock exchanges and other financial institutions. 

In practice, TIBER-EU-based tests would employ teams of external hackers to find and exploit weaknesses in the cyberdefenses of the organizations being tests. This method, known as penetration testing, is widely used in the private sector. 

Determining if and when a TIBER-EU-based test will be performed is up to the “relevant authorities,” the ECB said in a press release. 


“Tests will be tailor-made and will not result in a pass or fail – rather they will provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity,” the release read. 

The European Union has seen a spike in cyberattacks targeting financial systems over the past two years. In April, the joint committee of the EU supervisory authorities said cyberattacks were one of two key risks to the EU financial system. 

Latest Podcasts