The European Securities and Markets Authority (ESMA), the European Union's financial markets regulator and supervisor, recently incorporated the Cyber Events Database in a large-scale risk analysis.
Last month, ESMA published its Semi-annual Trends, Risk and Vulnerability (TRV) report, which identifies market trends and associated risks in the European Union financial system. The report's TRV Statistical Annex (Chart A.131) features data from the Cyber Events Database, illustrating the growing global trend of cyber incidents in the financial sector.
ESMA's risk analysis, drawing insights from the Cyber Events Database, ranked Infrastructure and Services at an elevated risk level. The report projected ongoing cyber and operational risks, concluding that "while cyber incidents so far have had limited impact, risks remain high." The authors highlighted the vulnerability of IT systems, citing the recent outage caused by a CrowdStrike software update and Russia's ongoing cyberattacks against Ukraine, which have affected EU-based entities.
The Cyber Events Database, developed by the Center of International & Security Studies at Maryland (CISSM) and the Center for Governance of Technology and Systems (GoTech), provides open-source information on a range of publicly acknowledged cyber events affecting both private and public organizations. It includes events from 2014 to the present and offers standardized information on threat actors, threat actor countries, motives, targets, end effects, industry, and country impact.
The taxonomic system used to categorize cyber events in the database was originally developed by Charles Harry, GoTech Director, and Nancy Gallagher, CISSM Director. This system has been featured in the Journal of Information Warfare.
The use of the Cyber Events Database extends beyond ESMA. Other major financial institutions and regulatory bodies have also leveraged this resource for their analyses. These include the Bank of Japan (BoJ), which utilized the database in its semiannual Financial System Report, the European Central Bank (ECB), Deutsche Bundesbank, Banco de EspaƱa, and the National Institute of Standards and Technology (NIST). This widespread adoption underscores the database's value in providing insights into cyber risks across the global financial landscape.
The Cyber Events Database and the ESMA Report on Trends, Risks and Vulnerabilites are open source and free to view online.