The test is unrelated to the bank’s high-profile technology outage last year, during which thousands of customers lined up to withdraw cash. This meant that customers could overdraw their accounts without permission.
The visit comes as part of a broader so-called thematic stress test to assess how well the euro zone’s 109 largest and most important banks can recover from a successful major cyber attack.
Only some of the 28 banks have been the subject of the most intensive investigation, with field visits showing that Bank of Ireland is also included in this group.
“This exercise tests how banks respond to cyber-attacks, not their ability to prevent them.”
Other large banks will be evaluated on an equal footing, but supervisors will have access to their technical specifications and crisis response procedures.
The results of the survey are expected to be published in the summer. Bank-specific results will be discussed during the ECB’s 2024 supervisory review and evaluation process.
The stress tests, which test a bank’s ability to recover from a potential cyberattack, are different from the ECB’s regular stress tests, which test a bank’s ability to financially cope with a possible economic crisis.
These stress tests are conducted every two years, with one-off thematic examinations such as the Cyber Resilience Probe conducted in between.
The ECB announced a cyber investigation plan in response to Russia’s invasion of Ukraine, raising concerns that the escalation of the conflict could lead to an increase in hacking and cyber-vandalism.
Technical resiliency in the financial system in general, whether or not bad actors are involved, has become a major concern for regulators and bankers.
The ECB said earlier this year that its examinations would not examine whether banks could withstand attacks, but how well they could restore services after successfully breaching their cyber defenses.
“This exercise will assess not banks’ ability to prevent cyber-attacks, but how they respond to and recover from cyber-attacks,” the ECB said in a statement.
“Banks will then test response and recovery measures, including activating emergency procedures and contingency plans, and restoring normal operations.”
The ECB said in a statement yesterday that the cyber resilience test will not affect bank-specific capital requirements and will be part of a broader supervisory assessment.