The European Banking Authority ("EBA") Guidelines on ICT and security risk management (the "Guidelines") set out detailed requirements regarding the information and communication technology ("ICT") arrangements for in-scope firms (link to the Guidelines here).
The Guidelines define ICT and security risk as the:
"Risk of loss due to breach of confidentiality, failure of integrity of systems and data, inappropriateness or unavailability of systems and data or inability to change information technology within a reasonable time and with reasonable costs when the environment or business requirements change (i.e. agility). This includes security risks resulting from inadequate or failed internal processes or external events including cyber-attacks or inadequate physical security."
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.