ESMA publishes risk analysis on systemic cyber threats and operational resilience in EU financial markets
The European Securities and Markets Authority (ESMA) has published a risk analysis article examining the systemic importance of cyber risk in EU financial markets, with a focus on measurement and stress simulation. It highlights the growing frequency and sophistication of cyber incidents and the challenges they pose for financial stability, particularly in terms of risk assessment and monitoring. The article introduces conceptual frameworks to understand how individual cyber events can become systemic, focusing on exposures, shock propagation and impact. Drawing on data from the Securities Financing Transactions Regulation (Regulation (EU) 2015/2365) (SFTR), it also underscores the role of the Digital Operational Resilience Act (DORA), which establishes a harmonised framework for digital operational resilience and a reporting regime for major information and communication technology (ICT) incidents by EU financial institutions.