The advanced course on cyber risk is developed within the EU Supervisory Digital Finance Academy (EU-SDFA) organised by the European University Institute (EUI) – Florence School of Banking and Finance together with the European Commission (DG REFORM and DG FISMA) and the European Supervisory Authorities (EBA, EIOPA and ESMA). The advanced courses delve deeper into the topics covered in the EU-SDFA foundational training weeks, applying a holistic and cross-sectoral approach which covers banking/payments, insurance, and securities. Moreover, the advanced courses reflect the current supervisory needs flagged to EU-SDFA’s partners by beneficiary National Competent Authorities (NCAs).
The advanced course on cyber risk generally deals with cyber risk management, exploring different approaches and focusing on supervisory strategies to assess and mitigate cyber risk. Cyber risk has multiple dimensions: the cyber risk of financial entities and the cyber risk of network and information systems. In addition to the EU dimension, there are national as well as global dimensions of cyber risk.
The advanced course on cyber risk (through presentations, interactive presentations, classroom discussions, and panel discussions) deals with the main developments in the cyber threat landscape; development and implementation of cyber resilience strategies; ICT risk management; ICT-related incident management, classification and reporting; cyber testing; management of risks related to the use of third-party providers; public-private partnerships and information sharing; how cyber incidents can become systemic, and what approaches can be taken to address systemic risk. The final panel discusses future prospects, exploring whether innovative technology could increase or decrease cyber risk. Group activities, followed by interactive discussions with the instructors, engage participants in solving problems, giving them the opportunity to share their knowledge, skills and understanding. Group activities allow participants to benefit from cooperative learning and evaluation.
“Sufficiently balanced and well-organized course which is useful for both the experts dealing with cyber risk agenda as well as for the ones keen to acquire a deeper understanding of this area, related challenges and get access to the useful channel for future self-development.”
Karel Bartak
CNB - Ceska Narodni Banka (Czech National Bank)
Describe the different approaches to the regulation of cyber risk and their main objectives.
Compare different approaches to the regulation of cyber risk.
Analyze and critically assess different rules on cyber risk management.
Identify, within the different approaches, the main principles for the regulation of cyber risk.
Interpret and implement in a certain context the main principles for the regulation of cyber risk.
Produce documents based on the main principles for the regulation of cyber risk.
Session 1 – Introduction: Multiple dimensions of cyber risk
Session 2 – Presentation: Cyber threat landscape and outlook
Session 3 – Presentation: Developing and implementing a cyber resilience strategy for the financial sector