Regulators and policymakers are increasingly concerned about cyber risks, as attacks are becoming more frequent, damaging, and potentially systemic. While financial institutions have focused on credit, market and liquidity risks, attention must also be paid to operational and cyber risks. Responding effectively to cyber threats requires more than just technical measures - organizations must improve cyber hygiene, culture, and agility. Most importantly, preparation is key - identifying threat scenarios, gradually building capabilities, and planning comprehensive incident response, so organizations are able to manage attacks and recover when they do occur.