Directors at banks and organisations core to the financial system have six months to outline their strategies to protect against potential cyber attacks, according to the minutes of a recent Bank of England Financial Policy Committee (FPC) meeting.
The FPC is demanding that board members address this rather than passing responsibility to IT departments.
The meeting minutes referred to a recent report from the Treasury on the progress being made to make the financial system more resilient to cyber attack – it said “the threat had many dimensions and was growing”.
“The financial system had a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems,” read the FPC meeting minutes.
The committee said effective steps had been taken, including general guidance on best practice, and the approach outlined by the Treasury was moving things in the right direction.
Read more on cyber threats
But it now wants a “concrete plan in place to deliver a high level of protection against cyber attacks for each institution at the core of the financial system, including banks and infrastructure providers, recognising the need to adapt to evolving threats”.
It recommended that these action plans was completed by the first quarter of next year and that a progress report to the FPC from the relevant regulatory boards be completed by the end of 2013.
During the meeting, the Bank of England said it planned to review its own resilience in relation to cyber attacks.
One security source said the UK financial system is continuously under cyber attack.
Read more on IT risk management
Financial services sector’s cloud use set for more regulatory scrutiny on resilience grounds
Banks given three months to report on how they respond to outages
Brexit a greater risk to UK financial system than cyber attack
Bank of England to set minimum service requirements after TSB and Visa outages