Cyber Risk Management

The Cyber Risk Management workstream aids banks in identifying, quantifying, managing, and monitoring risks related to IT and information security.

More
- Trading & Market Risk

Introduction

Cyber Risk Management is a priority within the European banking sector, involving a continuous cycle of identifying, quantifying, managing, and monitoring IT and information security risks. This process is vital for ensuring the integrity and resilience of banking operations in the EU.

In line with this, the ECB, EBA, and the SRB are rigorously monitoring developments in this area. These bodies issue comprehensive regulations and informative newsletters, and conduct verification measures, including on-site inspections, to evaluate the effectiveness of cyber risk controls at supervised banks. Their diligent oversight helps maintain robust cybersecurity practices across the financial sector, protecting institutions from evolving cyber threats.

Challenges

Coordinating DORA compliance efforts
Cyber resilience stress testing
Grasping ECB/EBA/SRB's priorities on Cyber Risk Management
Managing OSI

Coordinating DORA compliance efforts

Simultaneously managing multiple compliance projects associated with the Digital Operational Resilience Act (DORA), each under tight deadlines. This demands the deployment of diverse expertise and the implementation of accelerators to streamline adjustments and optimise the efficiency of the associated investments.

Cyber resilience stress testing

Managing requests from the ECB that align with declarations made during stress testing exercises and conform to market best practices. This involves not only responding effectively to specific demands but also ensuring that cyber resilience strategies are robust and reflect the highest industry standards. This necessitates continuous adaptation and enhancement of their cybersecurity measures to meet evolving regulatory expectations and safeguard against potential vulnerabilities.

Grasping ECB/EBA/SRB's priorities on Cyber Risk Management

Keeping abreast of the ECB/EBA/SRB's priorities and expectations regarding Cyber Risk Management and integrating these priorities into cyber security strategies. This requires proactively aligning risk management practices with these guidelines to ensure adequate preparedness for regulatory scrutiny and able to mitigate potential cyber threats effectively.

Managing OSI

Effectively managing On-Site Inspections (OSIs) to ensure they accurately represent the actual cybersecurity measures and practices in place. This requires meticulous preparation and transparency to demonstrate compliance and operational resilience to inspectors. This requires that reported processes and implemented controls are clearly documented and accessible, aligning closely with regulatory expectations and industry standards to successfully navigate these rigorous evaluations.

How we can help

PwC has supported numerous banks in various of Cyber Risk Management projects.

As a leading consulting firm, we can work with your organisation to deliver high-quality outcomes across all aspects of Cyber Risk Management. We can also advise on value-adding initiatives, identify areas requiring enhancement, and support clients on ensuring compliance with regulatory requirements.

We can assist you with the following topics:

Supporting in the preparation for OSIs by organising training for personnel involved and critically reviewing existing documents and processes. Our approach enhances these elements from the perspective of meeting regulatory expectations, ensuring that your organisation is well-prepared for the inspection.

Contact us

Paolo Carcano

Cyber Risk Management Workstream Lead, Partner, PwC Italy

Tel: +39 334 689 6335

PwC office locations Site map Contact us

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.