By Francesco Guarascio
BRUSSELS (Reuters) - The European Union is considering testing banks' defenses against cyber attacks, EU officials and sources said, as concerns grow about the industry's vulnerability to hacking.
Cyber attacks against banks have been growing in numbers and sophistication in recent years, with criminals finding new ways to target banks beyond trying to illicitly obtain details of their customers' online accounts. Last February $81 million was taken from the Bangladesh central bank when hackers broke into its system and gained access to the SWIFT international transactions network.
Global regulators have tightened security requirements for banks after that giant cyber fraud, one of the biggest in history, and in some countries have carried out checks on lenders' security systems.
But complex cyber attacks have kept rising, as revealed in November by SWIFT in a letter to client banks and by the theft of 2.5 million pounds ($3 million) from Tesco Plc's banking arm in the first mass hacking of accounts at a Western lender.
Banks "are struggling to demonstrate their ability to cope with the rising threat of intruders gaining unauthorized access to their critical systems and data," a report of the European Banking Authority (EBA) warned in December.
The next step from European regulators to boost security could be an EU-wide stress test.
The European executive commission is assessing "additional initiatives that could be developed to counter cyber attacks," a commission official told Reuters. "These include cyber-threat information sharing or penetration and resilience testing of systems."
The European Central Bank announced last year it would set up a database to register incidents of cyber crime at commercial banks in the 19-country euro zone. But exchanges of information among national authorities on cyber incidents remains scant.
The Commission is studying whether EU-wide tests would help step up security, a source at the EU executive said. This would be in addition to controls already carried out in Britain and other EU states by national authorities.
EBA, which is in charge of stress-testing the bloc's banks, is expected to detail in summer the checks it intends to conduct in the next exercise planned in mid 2018.
EBA tests banks' capital cushions and can conduct checks on specific issues. Last year it monitored risks caused by fines, as EU lenders faced sanctions from U.S. regulators.
An EBA official said cyber security was on the agency's radar but no decision had been made over a possible stress test. The body's chairman, Andrea Enria, has urged EU states to stress-test their financial institutions for cyber risks.