Cyber Risk Management

The Cyber Risk Management workstream aids banks in identifying, quantifying, managing, and monitoring risks related to IT and information security.

Introduction

Cyber Risk Management is a priority within the European banking sector, involving a continuous cycle of identifying, quantifying, managing, and monitoring IT and information security risks. This process is vital for ensuring the integrity and resilience of banking operations in the EU.

In line with this, the ECB, EBA, and the SRB are rigorously monitoring developments in this area. These bodies issue comprehensive regulations and informative newsletters, and conduct verification measures, including on-site inspections, to evaluate the effectiveness of cyber risk controls at supervised banks. Their diligent oversight helps maintain robust cybersecurity practices across the financial sector, protecting institutions from evolving cyber threats.

Challenges

Coordinating DORA compliance efforts

Simultaneously managing multiple compliance projects associated with the Digital Operational Resilience Act (DORA), each under tight deadlines. This demands the deployment of diverse expertise and the implementation of accelerators to streamline adjustments and optimise the efficiency of the associated investments.

Cyber resilience stress testing

Managing requests from the ECB that align with declarations made during stress testing exercises and conform to market best practices. This involves not only responding effectively to specific demands but also ensuring that cyber resilience strategies are robust and reflect the highest industry standards. This necessitates continuous adaptation and enhancement of their cybersecurity measures to meet evolving regulatory expectations and safeguard against potential vulnerabilities.

Grasping ECB/EBA/SRB's priorities on Cyber Risk Management

Keeping abreast of the ECB/EBA/SRB's priorities and expectations regarding Cyber Risk Management and integrating these priorities into cyber security strategies. This requires proactively aligning risk management practices with these guidelines to ensure adequate preparedness for regulatory scrutiny and the ability to mitigate potential cyber threats effectively.

Managing OSI

Effectively managing On-Site Inspections (OSIs) to ensure they accurately represent the actual cybersecurity measures and practices in place. This requires meticulous preparation and transparency to demonstrate compliance and operational resilience to inspectors: reported processes and implemented controls must be clearly documented and accessible, aligning closely with regulatory expectations and industry standards, in order to successfully navigate these rigorous evaluations.

How we can help

PwC has supported numerous banks in a variety of Cyber Risk Management projects.

As a leading consulting firm, we can work with your organisation to deliver high-quality outcomes across all aspects of Cyber Risk Management. We can also advise on value-adding initiatives, identify areas requiring enhancement, and support clients on ensuring compliance with regulatory requirements.

We can assist you with the following topics:

Conducting gap analyses and developing remediation plans, as well as in crafting a roadmap for the implementation of solutions mandated by regulations. Our capabilities extend to addressing all organisational and technological requirements, supported by solid experience and valuable partnerships.

Supporting in managing exercises to assess scenarios proposed by the ECB, including estimating impacts and recovery times at the EU level. Our services also include handling requests for clarification from regulatory authorities and managing the planning of remediation initiatives.

Supporting in the management of requests within the ECB/EBA/SRB framework, aimed at providing comprehensive information about the measures planned to protect relevant data in the event of resolution.

Supporting in the preparation for OSIs by organising training for personnel involved and critically reviewing existing documents and processes. Our approach enhances these elements from the perspective of meeting regulatory expectations, ensuring that your organisation is well-prepared for the inspection.

Contact us

Paolo Carcano

Cyber Risk Management Workstream Lead, Partner, PwC Italy

Tel: +39 334 689 6335