The Financial Policy Committee (FPC) is to devise a way of toughening up banks’ cyber defences in the next six months.
According to point 13 of the FPC meeting held on 18th September, a report from the Treasury, government agencies and Financial Conduct recommended a programme of work to assess, test and improve the financial system’s resilience to cyber attacks.
The minutes claimed that “the threat had many dimensions and was growing”, combined with a number of potential vulnerabilities in the financial system, a reliance on centralised market infrastructure, and complex legacy IT systems.
It was recommended that the boards of the relevant supervisory bodies ensure that there was a “concrete plan” in place to deliver a high level of protection against cyber attacks at the core of the financial system, recognising the need to adapt to evolving threats. As part of a progress report, the work to construct action plans should be completed by the first quarter of 2014 and, as part of that, banks would be reviewing their own resilience.
The committee are also working towards a stress testing framework to assess the capital adequacy of the UK banking system, following discussions on the range of institutions that should be covered by the tests, scenario design, modelling approach, appropriate hurdle rates and the granularity of public disclosure.
According to Sky News, the Bank of England has also separately published plans on how to stress test banks each year, proposing to initially limit the exercise to the eight largest players – HSBC, Barclays, RBS, Lloyds Banking Group, Standard Chartered, Santander, Nationwide Building Society and Co-operative Bank.
Dana Tamir, director of enterprise security product marketing at Trusteer, said: “Improving cyber-attack resilience should be a top priority for UK banks and financial institutions, which have always been a top target. Recent cyber-attacks on US banks have caused losses estimated in millions of dollars.
“Both the frequency and sophistication of such attacks are increasing. Cyber criminals are using all means available, including DDoS attacks that target the online banking systems from the outside, and advanced malware that enables the attacker to gain control over an internal employee endpoint, and attack these systems from the inside.”