Practitioners — Public Auditors · published 2026-05-26 · methodology v2.1

Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon

RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020

What the RLB Specialist Panel found

3. Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon

Question (paraphrased to protect IP): How does the CPMI-IOSCO 2016 Cyber Guidance define 'cyber resilience', and is that definition aligned with the 2018 FSB Cyber Lexicon?
Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
What AI assistants typically say: AI tools provided a specific verbatim-style definition of cyber resilience attributed to the 2016 guidance — "the ability to anticipate, absorb, adapt to, rapidly respond to, and recover from disruption caused by a cyber attack" — and went further to assert that the 2018 FSB Cyber Lexicon explicitly drew on the CPMI-IOSCO definition when establishing its own standardised terminology.
What the regulator actually says: The FSB Cyber Lexicon was published in November 2018, two years after the 2016 guidance. Its standardised definitions postdate the 2016 document and may not match how terms were used in 2016; no claim has been confirmed about whether the Lexicon directionally drew on the CPMI-IOSCO text or developed its definitions independently.
Why the AI went wrong: The AI produced an unverified specific definition attributed to the 2016 guidance and then asserted a directional influence relationship between the two documents — that the FSB Lexicon drew on the CPMI-IOSCO text — for which no evidentiary basis exists. Both the definition's attribution and the claimed influence are fabricated with apparent confidence.
Cited source(s): Regulator portal: https://www.bis.org

Impact for this audience

Where a Public Auditor references a specific definition from the 2016 guidance in an audit opinion, management letter, or regulatory submission, an unverified AI-supplied definition creates a direct professional liability exposure if the attributed text does not appear in the document. The further claim that the FSB Cyber Lexicon drew on the CPMI-IOSCO definition could affect how an auditor characterises the relationship between standards in cross-border work — for example, in jurisdictions where both the CPMI-IOSCO guidance and the FSB Lexicon are cited by local regulators — and a mis-stated influence relationship could mislead a client's audit committee about the coherence of the international standards framework they operate within.

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Opus47 Claude Opus 4.7 (web search on)
RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46 Claude Sonnet 4.6 (web search on)

This finding also affects

← Previous finding Finding 2. Depth of incident response and recovery detail in the 2016 Cyber Guidance Next finding → Finding 4. Currency of the 2016 Cyber Resilience Guidance as the operative international standard

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

Plain text

RegLeg Specialist Panel (2026). "Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon — Practitioners — Public Auditors." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020. RegLegBrief AI Hallucination Research, published 2026-05-26. https://reglegbrief.com/audiences/practitioners/int/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

APA 7th edition

RegLeg Specialist Panel. (2026). Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/audiences/practitioners/int/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

Bluebook / OSCOLA (US + UK legal)

RegLeg Specialist Panel, Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020], RegLegBrief AI Hallucination Research (May 26, 2026), https://reglegbrief.com/audiences/practitioners/int/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/.

BibTeX

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q020,
  author    = {RegLeg Specialist Panel},
  title     = {Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020},
  url       = {https://reglegbrief.com/audiences/practitioners/int/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/}
}

← Back to case study summary Case study detail →

About Citation IDs →