The stability of the financial system is closely intertwined with other critical sectors of society, highlighting the need for comprehensive cyber risk management across various industries. As digitalization continues to advance, not only the financial sector but also other essential sectors face increasing exposure to cyber threats, which could have indirect implications for financial stability. Sustaining the functionality of the financial system relies on maintaining vital societal functions such as electricity supply, data management, and telecommunications. In the event of large-scale cyber incidents affecting these functions, the stability of the financial system is likely to be affected as well. Hence, cyber security is a national concern that should be addressed collaboratively, impacting both the financial sector and other crucial sectors.
Recognizing the national significance of cybersecurity, coordinated efforts and actions at a national level become imperative. The rationale behind considering multiple sectors at the national level aligns with the reasons for involving diverse actors within the financial sector. Certain challenges at the national level are so comprehensive that individual actors or sectors alone are unlikely to implement adequate measures to address them. Thus, national coordination becomes necessary to enhance society’s overall resilience against cyber incidents, just as coordination within the financial sector is crucial for the resilience of the financial system.
One initiative aimed at bolstering resilience to cyber incidents, benefiting both society at large and the financial system, is the establishment of the National Cyber Security Centre (NCSC). This collaborative venture involves four authorities: the National Defence Radio Establishment, the Swedish Armed Forces, the Swedish Civil Contingencies Agency, and the Swedish Security Service. By intensifying cooperation in the field of cyber security, these authorities can effectively coordinate prevention and response efforts related to cyber incidents. The NCSC’s authorities also offer guidance and support regarding cyber risks while serving as a national platform for collaboration and information exchange with both public and private actors invested in cyber security.
As part of the NCSC, a pilot project involving a financial sector cooperation forum has been initiated. The forum brings together private actors, trade organizations, and authorities closely linked to the NCSC, including Finansinspektionen (Swedish Financial Supervisory Authority), the Riksbank (Swedish central bank), and the Swedish National Debt Office. This collaborative platform facilitates discussions on cyber security issues specific to the financial sector.
Recent announcements reveal that the Swedish Defence Radio Agency will assume responsibility for the national cyber security centre. This change in authority opens opportunities to expand the center’s assignments beyond its current scope. For example, the center could actively contribute to the systematic cyber security efforts of government agencies by outlining IT system requirements for specific types of procurement. It could also facilitate information sharing resulting from security reviews conducted by various authorities. The centralization of cyber security authority would streamline communication on IT system vulnerabilities to both public and private actors. Moreover, it would ensure efficient resource allocation to actively assist different sectors during severe cyber incidents that pose significant risks to crucial societal functions and Sweden’s security.
In summary, the digitalization of the financial sector exposes both individual actors and the entire financial system to cyber risks. To enhance system resilience, efforts are needed at both the individual and systemic levels. Individual actors must have robust protection, efficient incident detection and response capabilities, and a high level of preparedness for system recovery and data restoration. At the systemic level, identifying key functions of the financial system and assessing their reliance on various IT systems are essential. Evaluating the overall resilience of the system and implementing measures to strengthen it are equally crucial. Adopting a systemic perspective, both within the financial sector and at the national level, acknowledges the interconnectedness between the financial sector and other vital sectors of society. This approach creates favorable conditions for enhancing society’s resilience to cyber incidents as a whole.