Bank of England and Treasury set banks cyber security deadline

Directors at banks and organisations core to the financial system have six months to outline their cyber security strategies

Directors at banks and organisations core to the financial system have six months to outline their strategies to protect against potential cyber attacks, according to the minutes of a recent Bank of England Financial Policy Committee (FPC) meeting.

The FPC is demanding that board members address this rather than passing responsibility to IT departments.

The meeting minutes referred to a recent report from the Treasury on the progress being made to make the financial system more resilient to cyber attack – it said “the threat had many dimensions and was growing”.

“The financial system had a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems,” read the FPC meeting minutes.

The committee said effective steps had been taken, including general guidance on best practice, and the approach outlined by the Treasury was moving things in the right direction.

But it now wants a “concrete plan in place to deliver a high level of protection against cyber attacks for each institution at the core of the financial system, including banks and infrastructure providers, recognising the need to adapt to evolving threats”.

It recommended that these action plans was completed by the first quarter of next year and that a progress report to the FPC from the relevant regulatory boards be completed by the end of 2013.

During the meeting, the Bank of England said it planned to review its own resilience in relation to cyber attacks.

One security source said the UK financial system is continuously under cyber attack.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.