The G7 Cyber Expert Group, co-chaired by the U.S. Department of the Treasury and the Bank of England, has released a policy paper outlining fundamental elements for collective cyber incident response and recovery in the financial sector.
The publication addresses the growing global nature of major cyber incidents and highlights the need for effective response strategies that rely on cooperation among financial authorities, institutions, third-party service providers, and other relevant sectors including government agencies. The group notes that both voluntary and formal coordinated approaches to cyber incident response can improve information sharing and communication, help contain incidents' impact, support financial system stability, and reinforce public confidence.
Cory Wilson, U.S. Treasury Deputy Assistant Secretary for Cybersecurity and Critical Infrastructure Protection, along with Duncan Mackinnon, Executive Director for Supervisory Risk at the Bank of England—both Co-Chairs of the G7 Cyber Expert Group—stated: “In today’s deeply interdependent financial system, responding to shared collective threats in an effective and coordinated manner has never been more important. The fundamental elements of collective cyber incident response and recovery will be a useful tool for organizations to consider when reviewing their own incident response protocols.”
The newly published G7 Fundamental Elements are described as non-binding principles designed to guide organizations in developing or refining their collective cyber incident response arrangements. These guidelines are intended to promote greater alignment among different national or sectoral approaches while allowing adaptation to local market needs and regulatory frameworks.
Formed in 2015, the G7 Cyber Expert Group brings together representatives from all G7 countries' financial authorities as well as from the European Union. The group works on cybersecurity policy coordination across member jurisdictions and serves as a platform for information sharing, collaboration, and joint responses to cyber incidents.
