Source: OJ L, 2024/1772, 25.6.2024
ENRecital 12 Classification of a cyber threats
Considering that cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; can have a negative impact on the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; and sector, the significant cyber threats means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; which financial entitiesas defined in Article 2, points (a) to (t) may submit should indicate the probability of materialisation and the criticality of the potential impact. Accordingly, to ensure a clear and consistent assessment of the significance of cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;, the classification of a cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; as significant should be dependent on the likelihood that the classification criteria for major incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; and their threshold would be met if the threat had materialised, on the type of cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; and on the information available to the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;.