Varying shades of red: how red team testing frameworks can enhance the cyber resilience of financial institutions

Financial institutions use a range of testing activities to assess their cyber resilience capabilities. While each type of test has its intended objective, there is recognition of the importance of threat intelligence-led simulation of real-life cyber attacks through red team tests. Red team tests are useful to identify potential weaknesses in financial institutions' cyber protection, detection and response capabilities that are then addressed by an effective remediation plan. In recent years, a number of jurisdictions have established frameworks for red team testing mainly for large and critical financial institutions. These frameworks share a number of common elements, but the objectives and implementation details differ. Coordinated cross-border red team testing by financial institutions is necessary to avoid jurisdictional blind spots and minimise unnecessary duplication of efforts by firms and authorities. In this regard, we observe that certain authorities may be prepared to recognise red team testing conducted under another jurisdiction's framework if certain conditions are met.

JEL classification:  G18, M15