The European Central Bank told euro zone banks they have four months to produce plans to address cyber threats enabled by advanced artificial intelligence models.
The ECB, the euro zone's top banking supervisor, instructed lenders to prioritise protection of internet-facing systems and other exposed technology assets, including third-party software and open-source components, and to speed up vulnerability fixes and monitoring.
"These developments have potentially profound implications for the confidentiality, integrity and resilience of banks’ information and communication technology systems," ECB chief supervisor Claudia Buch said in a letter to bank chief executives.
The ECB also urged banks to modernise ageing technology, improve cyber hygiene and strengthen crisis-management, recovery and information-sharing arrangements, and set a submission deadline of October 31.
To free up resources for the work, the ECB postponed a separate IT survey and said it may adjust inspections and other supervisory activity, and it will publish findings after reviewing banks' plans.
The European Systemic Risk Board warned that large-scale cyber disruptions could erode trust in financial institutions, trigger runs and spread rapidly through common technology providers and shared software.
The Bank of England called the ECB's move sensible but said it would not issue binding edicts, while the Federal Reserve stressed proportional supervision that focuses on governance and enabling innovation.