Core financial services under cyber threat, warns Bank of England
The Bank of England has warned of the “serious and growing threat” to stability posed by a cyber attack at the heart of the UK financial system, as essential firms race to protect themselves.
Hackers could potentially disrupt services “vital” to financial institutions, which are being urged to build their resilience to attacks and develop strategies to recover in the event of a breach.
The Financial Policy Committee (FPC) said firms needed to ensure cyber risk was seen as a “strategic priority” in the boardroom – rather than a “narrow technology issue”.
Recent incidents, including the attack on TalkTalk where more than 150,000 customers saw their personal data accessed by hackers, risked undermining confidence in technology firms, the regulator said.
However, the damage done to individual firms would be eclipsed by an attack on the country’s financial infrastructure.
The FPC used the example of a 2013 attack in South Korea which hit television stations and the banking system, knocking out cash machines and online banking nationwide.
Addressing the UK’s response to the cyber crime threat formed part of the Bank of England’s Financial Stability Report released today. A survey showed concern over cyber crime spreading rapidly among UK businesses, far outstripping concerns over other operational risks.
Measures taken by the Bank include testing the vulnerability of firms which underpin the financial system.
After launching the CBEST testing initiative last summer, experts identified 35 “core firms”, including the largest banks, investment firms, payment systems, clearing houses and exchanges, which required assessment.
To date 10 of the earmarked institutions have completed the tests, while nine are currently undergoing assessment. A further 12 are preparing to undergo testing and four are in the preliminary stages of evaluation.
Costs of testing and protection are met by each firm individually. The CBEST framework is due to be absorbed into part of the Bank’s supervisory activity, although members could also be held to account under the Senior Managers Regime.
The UK has joined with the US and a string of major global financial firms to build up co-operation and response to cyber attacks.
The Bank, along with the Financial Conduct Authority (FCA) and the Treasury, will review the cyber security of the list of core firms. The FPC is due to receive a report on the work next summer.
Bank of England governor Mark Carney said “elevated” international security risks, in the wake of the terror attacks in Paris and amid a worsening situation in the Middle East, had been taken into account when assessing the UK’s cyber security.
He said: “There are state actors and there are other non-state actors with a geopolitical bent that can come through cyber and that work on resilience is ongoing. In that environment we need to build resilience. Our overall message is we have built resilience, without question.”