Cyber attacks top banking risk, says Bank of England

Cyber attacks are the top risk for UK banks, says Andrew Haldane, director of financial stability at the Bank of England

Cyber attacks are the top risk for UK banks, says Andrew Haldane, director of financial stability at the Bank of England.

Concerns over cyber attacks top even those around the eurozone crisis and the UK’s banks must do more to protect themselves, Haldane told parliament’s Treasury Select Committee.

Reporting on meetings with the UK’s top five banks six months ago, Haldane said four had told him cyber attack was their biggest threat, according to Reuters.

The fifth bank had since added cyber threats to its list of top risks, Haldane told the Treasury Select Committee.

"You can see why the financial sector would be a particularly good target for someone wanting to wreak havoc through the cyber route," he said.

Despite this, Haldane – who has just been re-appointed to the Bank of England’s Financial Policy Committee (FPC) - believes understanding and managing cyber risk is still at a fairly early stage.

"I hope we can do more on this at the FPC as part of wider government initiatives," he said.


In May, the scale of the threat was highlighted when US federal authorities charged eight hackers in connection with a $45m pre-paid debit card fraud scheme.

The hackers are believed to have broken into pre-paid debit card databases to raise the limit on cards before withdrawing money from cash machines in 26 countries using cloned debit cards.

In a similar heist in 2008, a gang took money from cash machines in 49 cities around the world using cloned debit cards.

The thefts stemmed from a data breach at RBS WorldPay, in which hackers stole the personal data of 1.5 million card holders a month earlier.

In July 2012, a Deloitte financial services industry report revealed that nearly a quarter of the world's banks had been hit by security breaches in the preceding 12 months.

Top cyber threats

Top threats included vulnerabilities in mobile technologies and social media, financial fraud and "hacktivist" groups, the report said.

David Gibson, vice-president with data governance firm Varonis, said Haldane was right to be concerned about the issue.

“It is clear that cyber criminals are now after any customer data they can extract from financial services institutions like banks, in order to monetise their frauds,” he said.

The large number of breaches occurring on an almost daily basis shows businesses are still struggling to get the basics right when it comes to securing their data, said Gibson.

“For this reason, all businesses – and not just banks - have a role to play in eradicating their bad digital habits and taking more control of their security by implementing basic security best practices,” he said.

For example, businesses should ensure staff have access only to the data they need, that all access to all data is monitored and abuse is investigated.

Read more on Hackers and cybercrime prevention