GBAF Logo
Global Banking & Finance Awards® 2026 Nominations open, free to enter Nominate now →
ECB tells banks to draw up plans against AI attacks amid disruption fears - Finance news and analysis from Global Banking & Finance Review
Finance

ECB tells banks to draw up plans against AI attacks amid disruption fears

Published by Global Banking & Finance Review

Posted on July 7, 2026

2 min read

· Last updated: July 7, 2026

Add as preferred source on Google

ECB Orders Banks to Prepare for AI Cyber Threats to Protect Financial System

ECB's Directive and Growing Concerns Over AI-Driven Cyber Risks

FRANKFURT, July 7 (Reuters) - The European Central Bank on Tuesday gave euro zone banks four months to draw up plans to counter AI-enabled cyber threats that could undermine confidence in the financial system and disrupt payments.

Regulatory Response to Advanced AI Models

The move reflects mounting concern among regulators about advanced AI models such as Anthropic's Mythos whose cyber capabilities have become so powerful that access to some of them has been restricted — a limitation that currently excludes euro zone banks.

Implications for Bank ICT Systems

"These developments have potentially profound implications for the confidentiality, integrity and resilience of banks’ information and communication technology (ICT) systems," the ECB said in a letter to bank chief executives.

ECB's Recommendations for Banks

It told banks to prioritise protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components, while speeding up vulnerability fixes and strengthening monitoring.

Modernisation and Crisis Management

The euro zone's top banking supervisor also urged lenders to modernise ageing technology, improve cyber hygiene and strengthen crisis-management, recovery and information-sharing arrangements.

Timeline and Supervisory Adjustments

Banks have until October 31 to submit their plans. To free up resources, the ECB has postponed a separate IT survey and may adjust inspections and other supervisory work.

Systemic Risks Highlighted by the ESRB

In a warning published alongside the ECB's letter, the European Systemic Risk Board said large-scale cyber disruptions could erode trust in financial institutions and even trigger runs on companies or countries perceived as less secure.

Potential Scenarios and Sector-Wide Impact

"The ESRB considers these developments to be a source of systemic risks to the financial system," said the ESRB, a European Union body that issues recommendations to other authorities.

To illustrate the risks, the ESRB outlined scenarios ranging from a gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks on payments, clearing and settlement systems, potentially amplified by misinformation campaigns.

It said incidents could spread quickly through common technology providers and shared software used across the financial sector.

(Reporting by Francesco Canepa. Editing by Mark Potter)

Key Takeaways

  • ECB demands that banks develop and submit detailed plans by October 31 to defend against AI‑enabled cyberattacks targeting ICT systems.
  • Regulators stress modernising legacy tech, improving cyber hygiene, and accelerating patching, while prioritising internet‑facing and third‑party components.
  • The ESRB warns that AI‑driven cyber disruptions may pose systemic risks—potentially triggering runs or large‑scale payment system disruptions.

Frequently Asked Questions

Why has the ECB given banks a four-month deadline?
The ECB wants euro zone banks to counter AI-enabled cyber threats and submit plans by October 31 to safeguard the financial system.
What specific areas are banks told to prioritize?
Banks should focus on protecting internet-facing systems, exposed tech assets, speeding up vulnerability fixes, and enhancing monitoring.
What risks does the ESRB highlight regarding AI cyber threats?
The ESRB warns that large-scale cyber disruptions could erode trust, trigger bank runs, and pose systemic risks across the financial sector.
How could AI cyber incidents spread in the financial sector?
Incidents could rapidly affect institutions through common technology providers and shared software used across the sector.

Tags

Related Articles

More from Finance

Explore more articles in the Finance category