Cyber Resilience in the Financial Sector


The Swedish financial supervisory authority (the “FSA”) has published a report regarding cybersecurity concerns in the financial sector.

The FSA has recently published a report regarding its concerns about cybersecurity in the financial sector. The FSA has allegedly raised its concerns in part as a result of the deteriorating security situation in Europe, in particular in Sweden’s close geographic vicinity. The financial sector, while perhaps not as crucial as the supply of electricity and the infrastructure for electronic communications, may still be regarded as a critical sector for the functioning of modern society.

The FSA aims to enhance its supervisory activities regarding cybersecurity in the financial sector, for instance by extending its normal cybersecurity supervision activities to also include other financial companies and insurance companies (currently, the FSA’s supervision concerning cybersecurity mostly includes large and medium-sized banks). These activities are suggested to include, inter alia, an improved supervisory strategy to enable more thorough and frequent supervision and provide the FSA with the ability to oppose certain outsourcing arrangements. The FSA’s proposal also includes a centralisation of incident reporting, facilitating a clear and easy-to-use reporting mechanism for the majority of an entity’s incident reporting obligations under several different pieces of legislation. Furthermore, the suggested measures include a new structure for cyber-attack exercises and enhanced management of operative crises as a result of cyber-attacks or similar incidents.

The FSA also proposes to enable other government authorities, particularly the National Defence Radio Establishment (the “FRA”), the Swedish authority for signals intelligence, to provide assistance to private entities (for instance in the financial sector). This would potentially mark a significant enhancement of active cybersecurity measures, with the FRA providing its technical expertise to individual companies in the financial sector. Additionally, the report proposes increased cooperation between the financial sector and, e.g., the Swedish Civil Contingencies Agency and the Swedish Security Service.

The experts at Norelid Advokatbyrå assist clients in preparing for the legal implications of cybersecurity law. If you would like to know more about how we can assist you and your organisation, you are of course more than welcome to contact us or reach out to our cyber desk directly.

The above information published by Norelid Advokatbyrå and/or its employees is only to be considered general information and does not constitute, nor should it be used as, professional legal advice. There is a risk that the information is not complete or not entirely updated. Any use of the information is at the risk of the user.