19 May 2026

BNP Paribas places cybersecurity at the heart of its digital transformation and its trust-based model. In a context where cyberattacks are becoming increasingly frequent and sophisticated, the Group considers the protection of data, operations, and its clients as a strategic priority.

Cybersecurity is embedded at the core of the Group’s governance, through a structured model based on the “three lines of defense”. This framework enables consistent risk management across all levels, from operational management within the Group’s Businesses and Functions up to the Board of Directors, and ensures independent and regular oversight of the controls in place.

Furthermore, BNP Paribas adopts a risk-based approach, consisting of continuously assessing the cyber maturity level of its entities and defining priorities aligned with emerging threats. This approach is part of a multi-year transformation roadmap aimed at sustainably strengthening the Group’s resilience against cyberattacks. It also means that the Group proactively monitors the evolution of new technologies and emerging cyberattack methods.

The rise of artificial intelligence, which represents both an opportunity and a risk for organizations worldwide, is therefore fully integrated and closely monitored by our cybersecurity experts. BNP Paribas has been leveraging numerous AI use cases for several years, including in risk prediction and prevention. These capabilities enable us to continuously raise our cybersecurity standards while further industrializing the protection of our infrastructure. The recent announcement of Anthropic’s new model, Mythos, therefore does not constitute a strategic disruption for our cybersecurity model, but rather an acceleration of an already ongoing movement, both on the defensive side and potentially on the attackers’ side as well.

To address cyber threats, the Group has notably implemented:

  • A dedicated crisis management and incident response framework. Our Cyber Security Incident Response Team (CSIRT) is highly skilled and has deep expertise in threat containment and recovery. Operating within a mature framework, it works closely with our Cyber Threat Intelligence (CTI) team to leverage real-time insights on threat actors and emerging attack patterns. Regular simulations and predefined playbooks support rapid and effective responses. This integration enables proactive threat mitigation and helps minimize operational impact.
  • Continuous monitoring of recently published vulnerability reports, along with a risk analysis process based on Cyber Threat Intelligence that uses a prioritization model to determine which vulnerabilities pose a higher level of threat.
  • Regular assessments of our information system across different axes (internal, extranet, and code) to ensure comprehensive coverage and vulnerability identification.
  • Initiatives and new methods to accelerate patching timelines, using various technologies and team expertise to ensure that fixes are applied with minimal delay.

BNP Paribas fully integrates interactions with its ecosystem into its cybersecurity framework, through relationships with suppliers, regular exchanges with regulatory authorities, and interactions with its peers in the financial sector. The Group continuously assesses and manages third-party risks, embedding cybersecurity requirements from the vendor selection phase and throughout the contractual relationship. It also actively engages with regulators to meet increasing expectations in terms of operational resilience and information systems security.

Finally, the Group places particular emphasis on the human factor by raising awareness among all employees of best practices and digital risks. Cybersecurity is therefore not only a technical issue, but also a lever for trust, performance, and resilience across the entire organization and its stakeholders.