A quarter of UK banks see operational risk as one of the main threats to UK financial stability and over half of these banks said that cyber attacks are a threat following several attacks, according to the Bank of England.
In its Financial Stability Report, November 2013, which looked at the second half of this year the Bank of England revealed that over half of 25% of banks that perceive operational risk as a threat believe cyber attack is a major risk. This compares to the first half of the year when about 23% of banks saw operational risk as a threat and only 6% cited cyber attacks.
The steep increase follows a number of attacks this year.
“In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services. While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions,” said the report.
Peter Armstrong, director of cyber security at Thales UK, said the combination of high interconnectedness, reliance on centralised market infrastructure and complex legacy IT systems are leaving our banks vulnerable to cyber attacks.
More on cyber attacks on banks
He said: “A holistic approach that is designed to tightly integrate cyber defences with processes, people and physical measures is crucial to ensure financial organisations are protected against the latest evolution of threat and attack vectors.
"Banks must make more effort to retrain or re-skill their employees. Much more emphasis should be placed on retention of soft skills, IP, organisational culture, the evolution of internal security policies and knowledge of legacy systems.
"Greater collaboration on cyber issues should also lead to an improvement in cyber awareness and continuous policy evaluation and adaptation, particularly as external attacks multiply faster than legacy IT security solutions can currently keep up with.”