Bank of Lithuania
1 of 1

The Bank of Lithuania, at its own expense and using its own resources, is the first in the euro area to have conducted a cyber exercise to check the resilience of our country’s financial market participants – mainly banks – to cyberattacks. 

‘Such a decision was prompted by the development of information technologies, their penetration into the financial services sector, and related risks. In order to assess the protection of people’s and enterprises’ money from potential cyberattacks, we have assumed the role of hackers and used a wide range of different ‘tools’, says Olga Starkienė, Senior Specialist of the Operational Risk Division of the Bank of Lithuania.

According to her, Bank of Lithuania specialists assessed how banks would ensure the availability of electronic services during cyberattacks: cyberattacks under different scenarios were imitated; the protection of the infrastructure was assessed; cyber risk management procedures and compliance with them were checked.  

According to Starkienė, bank information systems withstood the imitation cyberattacks, which indicates that the Lithuanian financial market system is currently resilient enough to the risks within this area.

‘Despite proper preparation for withstanding cyberattacks, areas to be enhanced were also identified. The Bank of Lithuania will present to each investigation participant detailed reports on the exercise results along with recommendations on how to further enhance resilience. We cannot let our guard down, as attacks in the electronic domain take a variety of new forms,’ claims the Senior Specialist of the Operational Risk Division.

One of the major antidotes is proper risk management and prevention: ongoing monitoring of cyber risk and threats, devised procedures of behaviour during attacks, technical decisions, and staff training. All these measures together enable monitoring and managing cyber risk, thereby reducing the probability of its materialisation.

The Bank of Lithuania Supervision Service will continue focusing particular attention on cyber risk management by periodically conducting cyber risk testing and consulting financial market participants on how to prepare for these threats and fight them.