Too many UK financial services organisations still view online threats as a ‘technical’ rather than a board-level issue, according to a new report from the Bank of England.
The BoE’s December 2014 Financial Stability Report, launched this week, reported on progress made since previous recommendations.
On its June 2013 recommendation that the government work more closely with the financial services sector to “put in place a program of work to improve and test resilience to cyber attack”, the report said:
“The FPC received an update on work by HM Treasury, the Bank and regulators to enhance cyber resilience. All core firms and financial market infrastructures have submitted a self-assessment on cyber resilience, and these have been reviewed by the regulators. Although these assessments have not revealed any critical shortcomings at this stage regulators have noted some areas for improvement, including a tendency among firms to view cyber threats as a ‘technical’ problem — rather than as an issue which merits board-level attention given the evolving nature of cyber threats and the key importance of cyber resilience to continuity of financial services. Supervisors are working with firms to agree timetables for remediation.”
The BoE is hoping these self-assessments, alongside tests developed according to the new CBEST framework launched earlier this year, will help “form the basis for specific and concrete action plans for firms.”
It urged core “firms and financial market infrastructures” to conduct CBEST tests as quickly as possible to improve resilience, and said it would be reviewing progress in Q2 2015.
The report highlighted the continued cyber risks facing financial institutions, citing an attack on a large US bank in August in which attackers stole information on over 80 million customers.
“A significant proportion of respondents to the Bank of England’s 2014 H2 Systemic Risk Survey cited operational risks from cyber attack as a key risk to UK financial stability,” it added.
“While that was lower than during 2014 H1, the proportion of respondents that highlighted risks from terrorism, including cyber terrorism, rose markedly.”
Chris McIntosh, CEO of security and comms firm ViaSat UK, argued that given the “growing range of technologies and techniques” in the attackers’ arsenal, regulators are right to push for greater resilience among financial institutions.
This article has been extracted from http://www.infosecurity-magazine.com. The full article is available at http://www.infosecurity-magazine.com/news/boe-urges-industry-to-step-up/