Recital 3

Systemic vulnerabilities


The European Systemic Risk Board (ESRB) reaffirmed in a 2020 report addressing systemic cyber risk how the existing high level of interconnectedness across financial entitiesas defined in Article 2, points (a) to (t), financial markets and financial market infrastructures, and particularly the interdependencies of their ICT systems, could constitute a systemic vulnerabilitya weakness, susceptibility or flaw of an asset, system, process or control that can be exploited because localised cyber incidents could quickly spread from any of the approximately 22 000 Union financial entitiesas defined in Article 2, points (a) to (t) to the entire financial system, unhindered by geographical boundaries. Serious ICT breaches that occur in the financial sector do not merely affect financial entitiesas defined in Article 2, points (a) to (t) taken in isolation. They also smooth the way for the propagation of localised vulnerabilitiesa weakness, susceptibility or flaw of an asset, system, process or control that can be exploited across the financial transmission channels and potentially trigger adverse consequences for the stability of the Union’s financial system, such as generating liquidity runs and an overall loss of confidence and trust in financial markets.