News

ECB orders banks, including Goldman Sachs, to plan for AI cyber threats

Goldman’s Europe teams now face a new AI cyber checklist: the ECB gave banks until Oct. 31 to assign owners, map risks and fix weak spots.

Lauren Xu··2 min read
Published
Listen to this article0:00 min
ECB orders banks, including Goldman Sachs, to plan for AI cyber threats
Source: The Mighty 790 KFGO | KFGO

In a July 7 letter to significant institutions, the ECB gave euro area banks four months to submit plans for countering AI-enabled cyber threats by October 31.

Emerging AI models can identify software vulnerabilities and generate functioning exploits at unprecedented speed. The letter treats the threat as a long-term shift, not a temporary surge or a risk tied to any one tool, and asks banks to deliver a comprehensive action plan with concrete measures, resources, roles, responsibilities and implementation timelines.

AI-generated illustration
AI-generated illustration

The guidance pushes banks to focus first on internet-facing systems and exposed technology assets, including third-party software and open-source components. It also calls for faster vulnerability fixes, tighter monitoring, better cyber hygiene, modernized legacy systems and stronger crisis-management, recovery and information-sharing arrangements. Strategic ICT decisions, including investments, resource allocation and risk-tolerance frameworks, may need to be revisited as a result.

Claudia Buch, the ECB’s chief supervisor, told bank chief executives that the developments could have profound implications for the confidentiality, integrity and resilience of banks’ ICT systems. The Digital Operational Resilience Act remains highly relevant in view of the changing cybersecurity landscape, and the ECB pointed institutions to open supervisory findings and unresolved weaknesses that should be addressed without delay.

The ECB’s 2024 cyber-resilience stress test covered 109 directly supervised banks, with 28 undergoing more extensive testing, and gauged how firms would respond to and recover from a severe but plausible cyber incident. Its revised Eurosystem cyber resilience strategy, published on October 18, 2024, expanded beyond financial market infrastructures to additional payment entities overseen under the PISA framework.

The ECB’s May 2024 Financial Stability Review identified widespread AI use and concentrated AI suppliers as possible sources of operational risk, including cyber risk, along with market concentration and too-big-to-fail externalities. In the same week, the Bank of England, the Financial Conduct Authority and HM Treasury found frontier AI models already exceed what a skilled practitioner could achieve in cyber tasks, at much greater speed, scale and lower cost.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More Goldman Sachs News

ECB orders banks, including Goldman Sachs, to plan for AI cyber threats | Prism News