logo-eui RSCAS

Enhancing the Cyber Resilience of the Financial Sector



  • General description

    While technology brings new opportunities to the financial sector from efficiency gains to providing increased access and usage to financial services for individuals and entities, it is also true that explosion of digital financial services has exponentially expanded the attack surface that criminals can exploit. Within this context, cyber threat is borderless, and the capabilities of the adversaries are constantly evolving, readily scalable and increasingly sophisticated, threatening to disrupt the interconnected global financial systems. The cyber incidents suffered by financial services and infrastructure providers have resulted in severe financial, economic, operational and reputational loss for the targeted entity and the industry at large.

    The financial system is comprised of different types of entities, ranging from banks to financial market infrastructures to critical service providers. Given the potential impact of a cyber incident on the increasingly interconnected system, it is important that authorities develop and implement national cyber resilience strategies for their respective financial sector, encompassing a range of tools and initiatives, in an integrated and holistic manner.

    In recent years, authorities have increased their efforts on cyber resilience, developing regulations, guidance, tools, initiatives and capabilities to implement their respective national cyber resilience strategies. This course provides an overview of the cyber threat landscape; technical training on the basic principles of cybersecurity; the principles for developing cyber resilience strategies; the range of tools and initiatives to address cyber risk; and the future challenges facing the financial sector vis-a-vis cyber risk.

  • Topics covered

    • Cyber threat landscape in Europe and globally
    • Developing and implementing cyber resilience strategies in the financial sector
    • Technical training on cyber risk management and international cybersecurity frameworks
    • Cyber testing: Threat intelligence based ethical red-teaming
    • Systemic cyber risk
    • Public-private partnerships in cyber resilience
    • Fintech and innovative technology and cyber risks

  • What you will learn

    • You will learn about cyber risk and the threat it poses to the financial system
    • You will learn how to develop and implement a cyber resilience strategy for the financial system
    • You will get an understanding of the key principles and technical aspects of cybersecurity and resilience
    • You will get an understanding of the tactics, techniques and procedures of real-life threat actors and how they exploit weaknesses of financial institutions
    • You will learn how cyber risk can become systemic and the measures that can be taken to address the systemic risk
    • You will learn about fintech and innovative technology, and their implications on cyber risk

  • Meet the instructors

    Emran Islam is a Senior Market Infrastructure Expert at the European Central Bank (ECB). In his role, Emran co-ordinates the cyber resilience work for the Eurosystem. He was a part of the team that developed TIBER-EU, the Cyber Resilience Oversight Expectations (CROE), established the Euro Cyber Resilience Board, developed and operationalized the market-wide cyber exercise (UNITAS) and is currently developing the Cyber Incident and Information Sharing Initiative (CIISI-EU). Emran participates in various international groups, including the G7 Cyber Expert Group, the CPMI Task Force for Reducing the risk of wholesale payments fraud related to endpoint security, the FBS Cyber Lexicon Working Group, the CPMI-IOSCO Cyber Working Group, the ESRB Systemic Cyber Working Group and the World Bank FIGI. He was involved in the G10 Oversight of SWIFT and was the overseer of STEP2-T and EURO1. Prior to joining the ECB in 2015, Emran worked at the Bank of England for 5 years, where he was the supervisor of CHAPS, Bacs and FPS, as well as leading on the cyber work for UK FMIs.

    Klaus Martin Löber is Head of the Oversight Division of the European Central Bank, in charge of the oversight of financial markets infrastructures and payments instruments. The Eurosystem oversight requirements for their safety and efficiency, including cyber resilience, fall within this remit, in particular the recently issued Eurosystem Cyber Resilience Oversight Expectations. His areas or responsibility also encompass the ECB’s global regulatory policy activities with a focus on payments and market infrastructures. Furthermore, Mr Löber is contributing to the global fintech and digital innovations agenda, chairing the CPMI working group on digital currencies and co-chairing the CPMI-IOSCO working group on digital innovations looking into relevant developments. Prior to his current position, from 2012 to 2016, Mr Löber was Head of the Secretariat of the Committee on Payments and Market Infrastructures (CPMI) hosted by the Bank for International Settlements in Basel, Switzerland, a global regulatory standard setting body in the areas of payments, clearing and settlement. Earlier positions include the European Central Bank, the European Commission, Deutsche Bundesbank and private practice. Mr Löber regularly publishes on financial markets legal, regulatory and infrastructure issues.

    Deborah Eng is an Executive Director in the Global Cyber Partnerships & Government Strategy group at JPMorgan Chase. She is responsible for strengthening and developing JPMorgan Chase’s global cybersecurity relationships with law enforcement officials, government agencies and industry partners. Prior to joining JPMC, Ms. Eng was the Chief Operating Officer at The Chertoff Group. She also served in the U.S. Department of Homeland Security In 2008, Ms. Eng left the Office of the Secretary to become the Senior Advisor to the Administrator of FEMA. She began her public sector career at the White House in the Office of Political Affairs. She holds a Bachelor of Arts degree in International Relations from the University of Pennsylvania.

    Henry Holden is a Member of the Secretariat of the Committee on Payments and Market Infrastructures, which he joined in mid-2017 from the Bank of England. He is responsible for work covering digital innovations and currencies, cyber risk, foreign exchange and central clearing. He started his career at KPMG and after qualifying as a chartered accountant, he moved to a French investment bank where he reviewed the European lending and trading operations. Recent publications include a paper on central bank digital currencies and foreign exchange settlement.

    Givan Kolster (FalconForce) is an offensive security specialist that has performed numerous Red Team engagements. He led various advanced offensive security teams and seen the ins and outs of many clients across the globe. ivan has been involved in the creation of the Threat Intelligence Based Ethical Red-teaming (TIBER-NL and TIBER-EU) framework. Givan has digital security running through his veins and co-founded FalconForce to further his beliefs in creating a resilient digital society. Did you know his other passion is sustainability?

    Alexandra Mainati is Director of Cybersecurity & Innovation at the European Banking Federation. In her capacity, she manages – in addition to cybersecurity – the Federation’s work on cloud, data, payments, virtual assets and AI. In the framework of cybersecurity and working closely with bank associations throughout Europe, she is responsible for the EBF cybersecurity strategy, positions on legislative/regulatory processes, relations with EU institutions, and projects aimed at the harmonization of the regulatory environment. An advocate of empowering bank employees and customers through cybersecurity awareness-raising, Alexandra is EBF’s liaison with Europol’s European Cybercrime Centre (EC3) in creating and promoting relevant campaigns. She is also a member of the Advisory Group on Financial Services of Europol EC3, the Expert Group on Finance Sector’s ICT Resilience & Security of ENISA, and the Working Group for Financial Services of ECSO, and represents EBF in ad hoc projects of the G7 Cyber Expert Group and the IBFed. Finally, she is responsible for the EBF Cybersecurity Conference, held in Brussels, every October in the context of the European Cybersecurity Month.

    Elisabeth Noble is a Senior Policy Expert at the European Banking Authority. She represents the EBA in EU and international-level (e.g. FATF and FSB) work streams relating to FinTech, market-based finance, financial system interconnectedness, market access and the regulatory perimeter. She leads the EBA’s work on crypto-assets and innovation facilitators and is responsible for coordinating the European Forum for Innovation Facilitators (EFIF). She is contributing to the development of the new EU Digital Finance initiative and was a member of the European Commission’s Expert Group on Regulatory Obstacles to Financial Innovation (now disbanded). Prior to joining the EBA, Elisabeth spent 7 years at HM Treasury advising primarily on the UK government’s response to the financial crisis and the post-crisis domestic and EU regulatory reforms (2008-14), including the reforms to the regulatory architecture in the EU (Banking Union). Elisabeth has also spent some time in the private sector.

    Nathalie Pauline Tuxen is Head of Payments Systems in Danmarks Nationalbank. In this role, she works with a team of twenty-two experts to develop analysis and policy within the payments area. This work includes overseeing the Danish financial market infrastructure and heading initiatives for the entire financial sector regarding operational resilience and cybersecurity, such as a financial sector forum established in 2016 called FSOR and TIBER-DK. Nathalie is leading the Secretariat for FSOR. Previously, Nathalie was Head of Macroprudential Policy in Danmarks Nationalbank. Before entering the central bank Nathalie worked in the Danish Ministry of Finance. Nathalie holds a master’s degree of philosophy in economics from the University of Cambridge, UK, and a dîplome from l’Ecole Nationale D’Administration, France.

    Antonio Spadaro is an information security professional and manager at Deloitte Risk Advisory in the Netherlands. He performed and led a large number of ethical hacking engagements, from penetration testing to advanced adversarial operations targeting companies worldwide in Financial Services, Energy and Resources as well as other industries. Antonio is also involved in intelligence-led red team tests such as TIBER, helping organizations in the financial sector to become resilient against threats to people, processes and technology by assessing their capabilities to defend, detect and respond to real-life cyber attacks.

  • Prerequisites

    A basic knowledge of the financial system is required to be able to follow the course.

  • Fees

    1750€ – Public Authorities (e.g. National Competent Authorities, Central Banks and European Institutions).

    1900€ – Private Sector.

    950€ – Academics (Full-time Professors, full-time PhD Students and full-time Research Associates). Please submit a certificate attesting your status of Professor, PhD Student or Research Associate to fbf@eui.eu before registering. FBF secretariat will provide you with a code to register. *seats for academics are limited and assigned by the FBF secretariat on a case-by-case basis

    The course fee covers coffee and lunch breaks. Travel and hotel costs are not included.

    Please note that the payment must be settled two weeks before the start of the course.


    Participants who register and settle the payment before 31 January 2020 will benefit from a 10% reduction of the course fees.


    • In case a course is cancelled, registered participants will receive the full refund.
    • In case a course is moved to another date, registered participants may request a voucher to attend another FBF course.
    • Registered participants who have not yet paid the registration fee can cancel their participation until one month before the start of the course.
    • The registration fee is non-refundable, however it will be possible to transfer registration to another person or request a voucher for another FBF course up to 20 days before the start date of the course.

    For more details, please contact fbf@eui.eu
  • Practical information

    A certificate of attendance will be provided to all participants after the course.


    Please notice that the course dinner, and most of the social activities, will take place downtown.

    Recommended hotels in downtown Florence:

    Recommended hotels nearby the EUI:

    Suggested restaurants in Florence city centre


    On arrival, participants will be provided with temporary wi-fi access for the whole duration of the course.

    Privacy Notice

    The personal information you have provided will be processed in compliance with the EUI Privacy Statement for conferences. For general queries: fbf@eui.eu


    General information on local transport

    From Florence airport:

    Florence airport is located 8 km from the city centre, approximately 30 minutes by taxi or bus. Taxis can be found outside the arrivals terminal; no reservation is needed. A taxi ride from the airport costs about €20 and takes approximately 25/30 minutes.

    A tramway (line T2) connects the airport to the city centre. Trains leave from the airport terminal and take 20 minutes to the main railway station. One-way tickets can be bought from vending machines for €1.50.

    The airport is also connected to the main railway station in Florence by a shuttle bus (‘Vola in bus’) that leaves every 30 minutes (on the hour and on the half-hour) and takes 25 minutes. Tickets are available on board for €6.00.

    From the central railway station:

    Take bus n. 7 at the bus stop Stazione Nazionale in the direction “Fiesole Piazza Mino”, get off at the stop ‘San Domenico 01’. For bus routes and timetables consult the official timetable.

    Bus tickets are sold outside the railway station, at ATAF ticket kiosks and vending machines, tobacconists (tabacchi), newspaper kiosks (edicole), and most cafès (bar). Bus tickets can be purchased also on board with a contactless credit card (Mastercard, Maestro, Visa and V PAY).

    Private car

    From the A1 Milano-Napoli (Autostrada del Sole), take the Firenze Sud exit and follow directions to the city centre/Stadio. Follow the directions to the stadium (Stadio), then for Fiesole. San Domenico is on the main road to Fiesole.

    The EUI has several free parking areas available all over the Campus.