02/06/2025
Two subgroups of the EFR “Cyber Threat Information Sharing Group” have prepared Papers on Cyber Metrics and AI. Both Papers have an Executive Summary for the EFR Members. The White Papers are living documents that will be updated over time.
Cyber Metrics
A common set of metrics – Cyber Key Risk Indicators – has been drawn up to achieve a minimum benchmark and a good basis for executive reporting. The 10 most relevant cyber metrics for Board and C-Level Senior Management are given. Aim is to improve intelligence sharing and best practices across the European Financial sector.
Artificial Intelligence
The Paper is based on a strategic and tactical approach and focuses on internal governance and managing the risks introduced by AI. The investigation revealed several critical security risks associated with AI products, which were categorized into data security and privacy, model risk, regulatory and legal compliance, and operational and third-party risks. To mitigate these risks, the group identified specific control objectives such as implementing robust access controls, encryption, and data validation mechanisms.