The UK may need to follow in the footsteps of the United States (US) and construct a “super shield” to protect it from catastrophic cyber attacks or major IT glitches that have the potential to cripple the finance industry, a Bank of England (BoE) senior official said.
Reuters reported that BoE director of supervisory risk specialists said individual firms may struggle to meet minimum requirements for restoring services, such as payments within the timescales to be set and tested by the bank.
Speaking at a conference on operational risk, Strange said: “If this were the case, then it would either fall to the public or private sector to come up with a collective solution.
“In the US, a private sector initiative has been set up called Sheltered Harbor to protect customers, financial institutions and public confidence in the financial system if a catastrophic event like a cyber attack causes critical systems, including backups, to fail.”
In compliance with the industry-led, not-for-profit scheme introduced in 2015, firms provide copies of customer account data to a centrally maintained vault. Companies can then designate other organisations to restore critical customer data if they fall victim to a major hack or outage that they cannot recover from quickly.
However, Strange noted that this initiative is yet to be tested in a real cyber event, though it demonstrates that, by working together, “innovative and ambitious solutions” can be initiated within the sector itself.
The BoE will pilot a cyber stress test of financial companies which includes an “impact tolerance” to assess how many customers and payments would be hit by an outage, and how quickly services would be restored.
According to Strange, the disruption seen during TSB’s IT upgrades last year served as an important reminder that banks need to be resilient to a wider range of operational issues and not just cyber attacks.
“We will be working with a small number of firms to ‘test the test’,” Strange concluded.
Despite Strange’s comments, it should be noted that the BoE is already taking action to ensure that banks, insurers and other financial institutions can reduce the impact of cyber attacks or technology outages on customers and recover as soon as possible.
Subscribe to our newsletter to receive breaking news by email.