US regulator Benjamin Lawsky warns finance cyber attack as catastrophic as 9/11

A financial services regulator said a cyber attack on the US finance system could be the computer equivalent of the 9/11 attacks in 2001

A financial services regulator said a cyber attack on the US finance system could be the computer equivalent of the 9/11 attacks in 2001.

Benjamin Lawsky, superintendent of the New York State Department of Financial Services, said he is worried about a major cyber attack on the US finance system.

Speaking at a Bloomberg event in New York, he said an attack could catch the finance system by surprise: "We like to say that, to some extent, the failures to detect the 9/11 plot were a failure of imagination and communication

"I'm worried about the same thing here – that an event will happen and we'll look back and say: 'How did we not do more?'"

He said he thought it only a matter of time before such an attack happens.

Lawsky told delegates at the Bloomberg Markets Most Influential Summit that, although regulators are spending a lot of time preparing action to take, the costs to prevent such an attack are very high – and will have to be paid for by companies, investors and taxpayers. He said insurers should offer coverage against cyber crime on the condition that companies take strong security steps.

One senior security professional at a large bank said: "Hackers have no geographical limitations, so people in the US who think they are out of harm’s way for physical attacks are certainly not out of harm’s way for cyber attacks. 

"Maybe millions of people will wake up one morning and find zero in all their bank balances. I have no doubt the bad guys are working hard on trying to do this.”

He said this could not be easily fixed.

Warning signs

The threat is not new and has been gaining momentum this year. In August 2014 the FBI said it was investigating a series of co-ordinated cyber attacks at JP Morgan Chase and at least four other financial institutions. The attacks fuelled concerns about the vulnerability of financial institutions and markets.

Also in August a report from business consultancy KPMG said cyber attack or disruption could cause the next systemic shock to the UK banking industry, rather than a liquidity crunch. It said that, while the banking industry has addressed many of the problems that had led to the financial crisis in 2008, cyber attacks or very large systems outages represented threats yet to be addressed.

In June 2014, Andrew Haldane, director of financial stability at the Bank of England, said cyber attacks are the top risk for UK banks. Haldane told parliament’s Treasury Select Committee that concerns over cyber attacks top even those around the eurozone crisis. He warned UK’s banks must do more to protect themselves.

In November 2013, the Bank of England said a quarter of UK banks see operational risk as one of the main threats to UK financial stability. Over half of these banks said cyber attacks are a threat, following several attacks.

There are moves by government and financial services organisations to shore up cyber defences. The British Bankers' Association (BBA) this week commissioned BAE Systems Applied Intelligence to create a system that will give banks early warning of cyber threats. The Financial Crime Alerts Service (FCAS) system will allow 12 government and law enforcement agencies, including the National Crime Agency (NCA), to make banks aware of potential threats as early as possible.

Banks across Europe have agreed to work with Europol's cyber crime unit to combat threats to the finance system.



Read more on Security policy and user awareness