Cyber threats in the financial sector to be met at express speed 

Cyber security Information and cyber security Robustness
The deteriorating security situation has increased the risk of cyber attacks in general, according to the Swedish Security Service. The government is now focusing in particular on the threat situation in the financial sector. Last year, the Financial Supervisory Authority and the Riksbank already described how cyber attacks can affect financial stability. The government, led by the Minister for Financial Markets Max Elger, is now taking decisive action to counter the threats. The work will be carried out at express speed, but it may be a wise approach that is being tested. 

On March 31, Finansinspektionen was tasked with proposing measures to strengthen the digital resilience of the financial sector. Financial firms are to be protected from attacks that could affect financial stability. The proposals will be presented in order of priority.

Although the assignment is based on reports from 2021, one senses Max Elgers' and the government's concern. The Swedish Financial Supervisory Authority has just over a month to complete the assignment. The Inspectorate will gather knowledge and experience from several designated authorities - but the new national cybersecurity center is somewhat surprisingly not mentioned.

The Financial Supervisory Authority must also submit proposals for measures in other authorities' areas. To ensure that this is not a purely theoretical exercise, the authority must make cost estimates and also submit proposals for how they are to be financed.

In my view, how the FSA captures and uses the knowledge and insights of industry representatives is crucial, as there must be realism in the proposed measures.

However, I think this could be a wise way to approach information and cyber security issues - to do analysis within a sector. The Financial Supervisory Authority has a good knowledge of its field and of the risks and appropriate ways to address them in the sector. The other, more security-oriented, authorities that will contribute to the work complement it with specific cybersecurity knowledge.

However, there is a danger that the costs and funding proposals will end up in the lap of private actors. Hopefully, however, the FSA, with its knowledge of the sector, can help to bring more balance to the proposed measures than would be the case if more threat- and security-oriented authorities were given a free hand.

In a little over a month, we may see if this is a model that can be used in other sectors.