Cyber attacks are the top risk for UK banks, says Andrew Haldane, director of financial stability at the Bank of...
Concerns over cyber attacks top even those around the eurozone crisis and the UK’s banks must do more to protect themselves, Haldane told parliament’s Treasury Select Committee.
Reporting on meetings with the UK’s top five banks six months ago, Haldane said four had told him cyber attack was their biggest threat, according to Reuters.
The fifth bank had since added cyber threats to its list of top risks, Haldane told the Treasury Select Committee.
"You can see why the financial sector would be a particularly good target for someone wanting to wreak havoc through the cyber route," he said.
Despite this, Haldane – who has just been re-appointed to the Bank of England’s Financial Policy Committee (FPC) - believes understanding and managing cyber risk is still at a fairly early stage.
"I hope we can do more on this at the FPC as part of wider government initiatives," he said.
Read more about payment card fraud
- Eight hackers charged with $45m cyber fraud
- Fraudsters widen card-skimming operations in Europe
- Barclays Bank card data vulnerable to mobile phone scanning fraud
- Credit card fraud drops as industry fights back
- UK companies breaching credit card compliance
- FBI undercover operation leads to huge online credit card fraud sting
In May, the scale of the threat was highlighted when US federal authorities charged eight hackers in connection with a $45m pre-paid debit card fraud scheme.
The hackers are believed to have broken into pre-paid debit card databases to raise the limit on cards before withdrawing money from cash machines in 26 countries using cloned debit cards.
In a similar heist in 2008, a gang took money from cash machines in 49 cities around the world using cloned debit cards.
Top cyber threats
Top threats included vulnerabilities in mobile technologies and social media, financial fraud and "hacktivist" groups, the report said.
David Gibson, vice-president with data governance firm Varonis, said Haldane was right to be concerned about the issue.
“It is clear that cyber criminals are now after any customer data they can extract from financial services institutions like banks, in order to monetise their frauds,” he said.
The large number of breaches occurring on an almost daily basis shows businesses are still struggling to get the basics right when it comes to securing their data, said Gibson.
“For this reason, all businesses – and not just banks - have a role to play in eradicating their bad digital habits and taking more control of their security by implementing basic security best practices,” he said.
For example, businesses should ensure staff have access only to the data they need, that all access to all data is monitored and abuse is investigated.