FINFSA Cyber Resilience Stress Test

Published on: Jan 17, 2025

On Jan. 14, FINFSA reported cyber resilience stress testing in 2025.

  • FINFSA reported it will test Finnish financial markets' resilience to cyber disruptions by conducting a cyber resilience stress test as a thematic assessment in 2025.
  • Follows FINFSA Feb. 2024, supervisory, audits, thematic assessment, see #199994.
  • Follows ECB Jan. 2024, announced banks stress tested on cyberattacks, see #196964.
  • Cyber Thematic Assessment
  • Assessment focuses on 12 significant supervised entities in Finnish financial markets.
  • ECB tested the resilience of significant banks under its direct supervision to cyber disruptions in 2024, and ECB's stress test also covered some Finnish banks.
  • FINFSA's thematic assessment aims to assess the ability of supervised entities to recover from a serious ransomware attack, in addition to other required actions.
  • Such as the ability of supervised entities to act in the event of a large-scale denial-of-service attack targeting society will be assessed by FINFSA accordingly.
  • FINFSA will send a thematic survey to entities affected by the stress test in Mar. 2025.
  • The most significant results of the thematic assessment are supervised entity-specific reports, which contain supervised entity-specific observations and recommendations.
  • Primary criteria includes Regulation on Digital Resilience in Financial Sector (DORA).
Regulators
FINFSA
Entity Types
Bank; Ins; Inv Co
Reference
Bul 8/2025, 1/14/2025; DORA Dir 2022/2556, Reg 2022/2554
Functions
AML; Compliance; Cyber; Financial; Legal; Operations; Risk; Technology; Treasury
Countries
Finland
Category
National Regulator
State
N/A
Products
Banking; Fund Mgt; Insurance; Securities
Rule Type
Guidance
Regions
EMEA
Rule Date
Jan 14, 2025
Effective Date
Jan 14, 2025
Rule ID
240245
Linked to
Rule :199994
Reg. Last Update
Jan 14, 2025
Report Section
EU