The European Central Bank (ECB) issued a stark warning on Wednesday, revealing that euro zone banks have suffered substantial financial losses due to technological contractors failing to deliver on their commitments. This caution comes alongside broader concerns about the banking sector’s approach to cybersecurity risks.
Conducting a comprehensive survey among the banks under its supervision this year, the ECB conducted 22 inspections since 2020 to evaluate banks’ preparedness in handling various risks, including cybersecurity threats, system obsolescence, and the reliability of contracted services.
IT spending by banking, financial services and insurance (BFSI) globally is projected to grow just 3 percent in 2023 compared with 10 percent in 2022, according to a news report. For Most IT service companies, BFSI is the one of the top revenue generating segments.
According to the ECB’s findings, the failure of tech contractors to meet their obligations led to losses of 148 million euros ($160.59 million) in 2022 alone. This staggering figure represents a 360 percent increase from the previous year and primarily resulted from unavailability or poor quality of outsourced services.
The ECB emphasized that these financial setbacks were isolated incidents within specific institutions rather than indicative of a broader sectoral trend. However, it also highlighted that banks frequently fell short in adequately addressing IT security requirements within their outsourcing arrangements.
The shift toward cloud-based services has led banks to increasingly rely on outsourcing, with their cloud expenses surging by 56 percent in 2022. These expenses now constitute 3.1 percent of the total IT spending by banks, as reported by the ECB.
Beyond the specific issue of contractor reliability, the ECB’s assessment revealed pervasive and severe inadequacies in how banks approach cybersecurity. Many banks demonstrated an inability to identify all potential risks and lacked the necessary systems to detect and respond to cyber incidents effectively.
Expressing concern, the ECB demanded immediate and tangible actions from all banks under its direct supervision to align their IT and cybersecurity risk management with supervisory expectations. It further noted that banks subject to inspections have already received specific recommendations to address identified shortcomings.
This warning from the ECB underscores the critical need for euro zone banks to fortify their cybersecurity measures and exercise stringent oversight over their tech contractor engagements. Failure to do so could lead to not only financial losses but also compromise the stability and trustworthiness of the banking sector as a whole.
