Lighting a FIRE under cyber incident reporting: Digital-first format needed?
The Financial Stability Board (FSB) has published a consultative document on achieving greater convergence in cyber incident reporting. “Timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability,” it observes.
An important aspect of the FSB’s proposals is the development of a common format for incident reporting exchange (FIRE). It has already found a high degree of similarity in the information requirements for cyber incident reports. “Building on these commonalities, the FSB proposes the development of a common reporting format that could be further considered among financial institutions and financial authorities.”
The consultative document offers a preliminary structure for the FIRE concept as seed material for future discussions. Crucially, it notes that: “a text-based articulation of data requirements, with their accompanying formatting and logic rules, may be open to misinterpretation. To eliminate this interpretation risk, it may be necessary to encode the final concept into one or more commonly used data interchange formats such as JSON or XBRL which will also facilitate technical implementation.”
We at XBRL International would of course strongly recommend the use of XBRL to ensure the global comparability of cyber incident data, as well as to facilitate rapid, effective and dynamic analysis. XBRL is now also a very familiar reporting format for the majority of financial institutions. We would encourage interested members of the digital reporting community to respond to the consultation, and urge the FSB to lose no time in taking a digital-first approach. Responses are due by 31 December 2022.