The UK’s political environment was seen as the biggest risk to the financial system with 80% of respondents to a Bank of England report specifically citing Brexit as a risk, but cyber attack was cited by more than half as the most difficult risk to manage.
Cyber security was cited as a risk by 62% of respondents to the biannual survey from the UK financial services regulator. This was an increase for the third consecutive survey reaching a record high.
Although Brexit was seen as the biggest risk, more than half (51%) of respondents that said cyber security is the most challenging risk to manage, after an increase of 5% in the number compared to the previous report.
Banks need to get to grips with being ready to manage cyber attacks if they occur as regulator’s Financial Policy Committee (FPC) is setting standards for how quickly critical financial companies must be able to restore vital services after a a cyber attack.
“Firms have primary responsibility for their ability to resist and recover from cyber attack. The impact tolerances being established by the FPC will be based on the time after which disruption to services could cause material economic impact,” said the Bank of England report.
The FPC will work with organisations such as the National Cyber Security Centre, to test that firms would be able to meet these standards.
Lyndon Nelson, deputy chief executive of the Bank of England’s Prudential Regulation Authority, recently said: “We have seen an increase in the number of operational incidents – be they caused by internal failures or from external attack.”
He said the FPC had been considering its tolerance of failures in the sector. “As part of this work, it is likely the FPC will set a minimum level of service provision it expects for the delivery of key economic functions in the event of a severe but plausible operational disruption,” he said.
But the Bank of England acknowledges that in the most extreme cases, financial services companies would not be able to meet its standard for tolerance because “to do so would make the effective provision of financial services inefficient”. As a result, the FPC intends “stress-testing scenarios to be severe but plausible”.
Recent IT failures at TSB and Visa have demonstrated the risks to the financial services sector that an IT failure presents, with cyber attack a potential cause.
“While they did not have systemic consequences, recent episodes of disruption to customers using the Visa payment system and of TSB Bank highlighted the importance of operational risk beyond cyber incidents for individual firms and consumer protection,” said the Bank of England report.