CIOs may invest more as UK banks asked to plan for cyber security

The Bank of England and the Financial Conduct Authority (FCA) have asked financial services firms in the UK to report, by October 5, on their exposure to cyber-security-related risks and how they would respond to outages.
British banks and other financial services firms need to explain how they can avoid damaging IT breakdowns and respond to the growing threat of cyber-attacks. The new development will encourage CIOs at banks and financial services firms to set aside more budget for solving cyber-security-related issues.

The vulnerability of the banking system to technology failures has resulted in problems at payments firm Visa and in TSB customers having issues accessing their online accounts.

“Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers and other market participants in the financial system,” FCA chief executive Andrew Bailey and BoE deputy governor Jon Cunliffe said in a joint statement.

Financial firms such as banks and insurers will have to demonstrate to banking regulators that they have a plan for when crucial systems such as online banking or payment services are disrupted, either by systems failure or deliberate attack.

The regulators suggested two days as an acceptable limit for disruption to a business service in one scenario spelt out in a consultation paper published on Thursday.

Some customers of TSB bank were unable to access online banking services over a month after its first outage in April, which followed a botched systems upgrade.

Regulators say the growing risk of disruption reflects in large part moves by financial firms to upgrade their computer systems to cope with the rise of tech-savvy competitors and growing consumer demand for instant services.

A BoE official said in June that banks and other financial firms will be set targets for recovering from cyber-attacks and other disruptions to key services.

Regulators could, if firms fail to demonstrate adequate back-up plans, require them to take actions such as bolstering capital levels or investing in making their systems more resilient.

The FCA and the BoE emphasized that responsibility for ensuring the resilience of financial firms sat with senior management, who will be held accountable in the event of prolonged disruption.