Danish FSA first to perform cyber ​​stress testing for financial companies

Datatilsynet has developed and tested a new methodology to investigate and strengthen the financial sector’s ability to manage extensive, long-term ICT disruptions.

Finanstilsynet, the financial supervisory authority (FSA) in Denmark, is the first FSA in the EU to have developed and implemented a cyber stress test to assess companies’ ability to handle extensive IT breakdowns.

The test was performed with seven companies, Danske Bank , Jyske BankNykreditSydbank and the data centers JN DataBEC and Bankdata, and completed with good results, according to the authority.

“The test has given all participating companies and the FSA good learning points and strengthened our common understanding of how companies should handle major IT failures,” said deputy director Karen Dortea Abelskov, who is responsible for the FSA’s IT supervision.

Crisis management

The cyber stress test included themes such as:

  • time perspective for re-establishing normal IT operations;
  • continuation of critical business functions without normal IT;
  • overview of the consequences of the crash;
  • communication as an integral part of emergency plans and crisis management; and
  • co-ordination of preparedness.

With this test, Finanstilsynet says that both the participating companies and others can strengthen their operational strength by continuing working with these learning points.

“We have had a really good collaboration with the sector. Everyone has approached the task with an attitude that we must jointly learn how to best equip the financial sector to handle IT and cyber crashes,” Abelskov added.

This was the first planned test. Another cyber stress test is planned for 2025, in which Finanstilsynet and the Danish National Bank will focus on how an extensive, long-lasting IT breakdown is handled across actors in the sector, and what consequences it will have at sector level.