The Bank of England (BoE) held a one-day “cyber resilience” exercise on Friday designed to test the UK banking sector’s ability to withstand a major attack.
In a brief statement, the BoE explained it had partnered with the Treasury, regulator the Financial Conduct Authority (FCA) and other industry bodies to run the event.
“This exercise forms a vital part of the sector-wide biennial process that seeks to ensure the industry is prepared for — and can respond effectively to —any major disruption stemming from a cyber incident, protecting the financial system on which the public relies,” it said. “The exercise will help authorities and firms identify improvements to our collective response arrangements, improving the resilience of the sector as a whole.”
The BoE’s Systemic Risk Survey for the first half of 2018 placed cyber incidents in joint second alongside geopolitical risk, with 62% of financial institutions citing them as a major risk to the UK’s financial system. That figure apparently stands at an all-time high.
Released in June, the study also revealed an increase in the number of respondents claiming that cyber-attacks are the risk most challenging to manage, to over half (51%).
The continued focus on industry-wide cyber stress tests like this was welcomed by industry experts, including ESET’s Jake Moore.
“Cyber-attacks aren’t a possibility, they are an eventuality, so we will never have enough people, systems or money to prevent or detect an attack,” he argued. “Therefore, you need to invest in training as well as multiple prevention techniques to make it work. However, it is not always as simple as that, so making training engaging and even fun adds impact to the way it sinks in and quickly makes it second nature.”
Pete Banham, cyber resilience expert at Mimecast, claimed that other sectors should think about running similar initiatives.
“The fact that firms aren’t being tested on a pass or fail basis is significant as it means they will be transparent about their current capabilities, rather than worrying about being exposed as unprepared. This will help them work towards being adequately prepared for large-scale cyber-attacks and ensure they have the right cyber-resilience strategy in place,” he argued.
“Hackers are always lying in wait, so we need to see more instances of sectors uniting to combat malicious attacks.”