'Significant' costs to businesses could follow hacking of 'vulnerable' bank systems, says Bank of England

Out-Law News | 02 Dec 2013 | 4:37 pm | 1 min. read

Bank systems are susceptible to cyber attacks and a large number of businesses could incur sizeable costs if they are "exploited to disrupt services", the Bank of England (BoE) has warned.

It said that "several banks" had experienced cyber attacks during the past six months and that those incidents had flagged "vulnerabilities". It called on industry to work together with the Government and regulators to help address them.

The BoE's warning, contained in a new report into financial stability (82-page / 2.97MB PDF), follows on from an increase in the number of financial services companies expressing concern about the risk presented to the UK's financial system by cyber security threats. Those concerns were detailed in a survey the BoE published in June.

"Cyber attack has continued to threaten to disrupt the financial system," the BoE said in its new report. "In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services. While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions."

Earlier this month approximately 100 people representing around 30 financial services organisations participated in a cyber security exercise carried out in London. The exercise was designed to test the way that banks and other financial services companies react to a major cyber attack from a large group of hackers. The BoE, the Treasury and the Financial Conduct Authority (FCA) all took part.

The BoE said that it was important for financial services companies to continue to participate in similar events in future.

"The financial system has a number of potential vulnerabilities to cyber attack, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems," it said. "As recommended, HM Treasury, relevant government agencies and the financial authorities have drawn up a shared programme of work to assess, test and improve cyber resilience across core parts of the UK financial sector. Engagement by industry is vital if the aims of the recommendation are to be achieved."