Data protection concept. GDPR. EU. Cyber security. Business man using mouse computer with padlock icon and internet technology network on blue background.

Cyber-risk and resilience is being elevated to the status of a top supervisory priority for European securities regulators.

The European Securities and Markets Authority (ESMA) is revising its list of strategic supervisory priorities to add oversight of the industry’s cybersecurity as a primary concern for regulators in the region — replacing their focus on market data quality.

Under the new priority, regulators will step up monitoring and compliance actions targeting firms’ technology risk management.

Regulators will also seek to build their supervisory capacity and expertise in the cybersecurity realm.

“The aim is to keep pace with market and technological developments, and closely monitor potential contagion effects of attacks and disruptions across markets and firms,” it said.

The planned new focus on cybersecurity risk joins greenwashing and ESG disclosure as the top supervisory priorities for ESMA and Europe’s national regulators.

“The aim is to tackle greenwashing, increase investors understanding and embed sustainability requirements when firms advise investors,” ESMA said in a release. It added that ESG disclosures from issuers, investment managers and investment firms will remain a focus in 2024.

The new set of compliance priorities, which coordinates the work of ESMA and national regulators, comes into force in 2025.

Until then, the regulators will undertake the prep work and planning to guide their supervisory efforts.