The Norwegian Financial Supervisory Authority (Finanstilsynet) published its 2025 risk and vulnerability analysis (ROS) of ICT-related risk in the financial sector, assessing the digital threat landscape as high and shaped by geopolitical developments. It identifies key risks around firms’ defences against digital crime, governance models for ICT solutions and shortcomings in vendor management, while reporting total fraud losses of NOK 1,227 million in 2024, up 32%. Despite the elevated threat level, no ICT incidents in 2024 had consequences for financial stability and fewer serious incidents were reported than in 2023. Supervisory work during 2024 found weaknesses and vulnerabilities in firms’ oversight of ICT operations, including supplier follow-up, with complex vendor chains increasing the risk of supply-chain attacks and multi-stage operational incidents. The analysis also points to vulnerabilities in access management, governance and internal control, and stresses that each firm remains responsible for protecting its systems against intentional and unintentional events. Finanstilsynet also referenced a webinar and accompanying presentation materials to present the ROS 2025 findings.
Norwegian Finanstilsynet 2025-05-15
Norwegian Financial Supervisory Authority publishes 2025 risk and vulnerability analysis highlighting elevated cyber risk and NOK 1.227bn fraud losses
The Norwegian Financial Supervisory Authority released its 2025 analysis of ICT-related risks in the financial sector, noting a high digital threat landscape influenced by geopolitical factors. Key risks include digital crime defences, ICT governance models, and vendor management shortcomings, with fraud losses reaching NOK 1,227 million in 2024, a 32% increase. Despite the elevated threat level, no ICT incidents in 2024 impacted financial stability, though weaknesses in ICT oversight and complex vendor chains were noted.