The European Securities and Markets Authority (ESMA) has added cyber risk and digital resilience to its Union Strategic Supervisory Priorities (USSPs) list.
Through the USSP, ESMA hopes to keep pace with technology and market developments, monitor potential contagion effects of attacks and track disruptions across markets and firms. It will come into force in 2025, alongside the Digital Operational Resilience Act (DORA).
A greater focus will be placed on firms’ ICT risk management, with EU supervisors developing new supervisory capacity and expertise and overseeing companies’ operations.
While the new USSP will replace the current market data quality USSP, ESMA affirms that data quality remains the primary duty of supervised entities. The organisation advises that firms and their top management should take ownership of the data they report and increase how it is used internally.
