Tamas Gaidosch, Frank Adelmann, Anastasiia Morozova, and Christopher Wilson
This paper highlights the emerging supervisory practices that contribute to
effective cybersecurity risk supervision, with an emphasis on how these practices
can be adopted by those agencies that are at an early stage of developing a
supervisory approach to strengthen cyber resilience. Financial sector supervisory
authorities the world over are working to establish and implement a framework
for cyber risk supervision. Cyber risk often stems from malicious intent, and a
successful cyber attack—unlike most other sources of risk—can shut down a
supervised firm immediately and lead to systemwide disruptions and failures.
The probability of attack has increased as financial systems have become more
reliant on information and communication technologies and as threats have
continued to evolve.
International Monetary Fund. Monetary and Capital Markets Department
The Norwegian financial system has a long history of incorporating new technology. Norway is at the forefront of digitization and has tight interdependencies within its financial system, making it particularly vulnerable to evolving cyber threats. Norway is increasingly a cashless society, with surveys and data collection suggesting that only 10 percent of point-of-sale and person-to-person transactions in 2019 were made using cash.1 Most payments made in Norway are digital (e.g., 475 card transactions per capita per annum)2 and there is an increase in new market entrants providing a broad range of services. Thus, good cybersecurity is a prerequisite for financial stability in Norway.