Finantsinspektsioon is drawing the attention of smaller banks to the need to minimise their IT risks at a time when the number of attacks aimed at them has multiplied and there are heightened IT risks throughout the world. The analysis done for Finantsinspektsioon shows that the IT risks of small banks in Estonia are similar to those of large European banks, and the measures taken to minimise those risks are at least as effective. Finantsinspektsioon only analysed the IT risks at small banks, and a similar analysis was carried out for the large banks in Estonia by the European Central Bank.
The number of cyber attacks aimed at small banks or their service providers was around three times as high in 2021 as it was in the previous year. The danger of an attack against the banks themselves or the systems of key service providers that could seriously affect the operation of their services remains high in consequence of the war that started in 2022 between Russia and Ukraine. Information sent to Finantsinspektsioon shows that small banks consider the risks associated with outsourcing IT activities to be greater than the average. The more small banks use external partners for their IT activities, the greater the risk. As the banks in Estonia mainly provide services through e-channels, the risks around the continuity of e-channels are higher than the average. Several software companies gave warning of security weaknesses in some widely used software last year, and the banks had to react quickly and take all the necessary measures to avoid the associated risks.
IT risk is one of the most important risks for banks, as most of the processes in the banks depend on technological solutions operating reliably and securely The banks work in an environment where the expectations of clients are constantly increasing, while the IT landscape and the rules governing it are constantly developing and being updated. The complexity of the IT environment and the number of different cyber attacks are leading to high expectations for the cyber security of the banks.
Finantsinspektsioon regularly analyses the level of IT risk at the small banks and the change in it, and the effectiveness of measures taken and any possible shortfalls in them. The small banks are Inbank, LHV Pank, Coop Pank, TBB pank, Bigbank, and Holm Bank. These are the banks that fall under direct supervision by Finantsinspektsioon. The IT risks are similar for the small banks and the large banks in Estonia.