Several UK banks hit by cyber attacks in last six months – Bank of England

By Sooraj Shah
28 Nov 2013 View Comments

The Bank of England has revealed that several of the UK's banks have been hit by cyber attacks in the last six months, which have led to the institutions making financial losses.

In its Financial Stability Report, the bank said that the cyber assaults unearthed vulnerabilities in many of the banks' infrastructures, disrupting some services.

Further reading

"Cyber attack has continued to threaten to disrupt the financial system. In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services," the report states.

"While losses have been small relative to UK banks' operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions," it added.

The Bank of England's special resolution unit's head of resilience, John Milne told delegates at Infosecurity Europe 2013 that organisations, particularly retail banks, are victims of cyber attacks because they lack recovery plans for "doomsday scenarios".

"Last year RBS' IT problems affected 17 million customers, but that didn't figure anywhere in RBS' scenario planning [at the time] or indeed in other big retail banks," he said.

The Bank of England's report said that the financial system is susceptible to cyber attacks as it has a "high degree of interconnectedness, reliance on centralised market infrastructure and sometimes complex legacy IT systems".

In a bid to combat this threat, the Financial Policy Committee (FPC) has been working on improving awareness, and warning firms of the need to strengthen their online capabilities.

Last month, it ordered banks and infrastructure providers to come up with "concrete plans" by the end of the first quarter of 2014 to toughen up their cyber defences, with a progress report to be handed to the FPC at the end of 2013.

UK banks have since taken part in a one-day, extensive cyber threat exercise dubbed Operation Waking Shark 2, run by the Bank of England. This aimed to test the ability of the financial system to withstand a major cyber attack and focused on investment banking operations, the cash machine network, a potential liquidity squeeze and the likely fallout across social media.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

39 %
26 %
14 %
21 %