The Riksbank’s work on cyber risks

Cyber risks are currently seen as one of the greatest threats to the international financial system and its participants. The Riksbank works with cyber risks by, among other things, coordinating threat-led penetration tests. This is done in order to test the cyber security of participants in the Swedish financial system. Such tests have been coordinated since 2019, when the Riksbank decided to implement the Threat Intelligence-Based Ethical Red Teaming (TIBER) framework. The tests can help important actors obtain a better picture of their capacity to manage cyber risks, and thus provide a base for strengthening resilience in the financial system.

Experience in coordinating threat-led penetration tests is a key part of the expanded remit assigned to the Riksbank in connection with the application of the EU Digital Operational Resilience Act (DORA). The Regulation requires financial entities with system-critical activities to carry out Threat Led Penetration Testing (TLPT). Finansinspektionen designates which financial actors are to be tested and how often, while the Riksbank is responsible for monitoring and coordinating the tests. The mandate came into effect on 17 January 2025.