Cyber attacks replace eurozone crisis as greatest worry for banks
WORRIES over hacking and other cyber attacks have pushed aside the eurozone crisis as the top risk for Britain's banks and they must do more to protect themselves, a senior Bank of England official said yesterday.
Global cyber crime in the financial sector has become a more pressing worry, underlined by a series of cases this year.
US prosecutors last month laid out details of a crime ring they say stole $45m (€34m) from two Middle-Eastern banks by hacking into credit-card processing firms and withdrawing money from cash machines in 27 countries.
Andrew Haldane, the BoE's director of financial stability, met with five of Britain's top banks six months ago and four told him that a cyber attack was their biggest threat.
It was surprising the fifth bank did not have this risk on their list but it does now, Mr Haldane told parliament's Treasury Select Committee.
"You can see why the financial sector would be a particularly good target for someone wanting to wreak havoc through the cyber route," he added.
"Understanding and management of this risk was still at a somewhat early stage," Mr Haldane said.
Earlier meetings with bank chiefs had pointed to the "usual suspects" of the eurozone crisis or a slump in the economy at the top risk, Mr Haldane said.
The focus on credit, market and liquidity risk over the past five years may have distracted attention from operational, and in particular cyber risks, at banks or in infrastructure like payment systems, Mr Haldane said.
Mr Haldane was being quizzed by lawmakers on his re-appointment to the BoE's Financial Policy Committee (FPC).
"I hope we can do more on this at the FPC as part of wider government initiatives," Mr Haldane said.
A series of cyber attacks that repeatedly knocked major US banking websites offline in the past nine months has been more powerful than the general public realises, US government officials and security experts said last month.
A self-described activist group, Cyber Fighters of Izz ad-din Al Qassam, claimed credit for the distributed denial-of-service (DDoS) attacks that took down the websites of more than a dozen US banks for hours or even days at a time. Members of congressional intelligence committees said the attacks were sponsored by Iran and showed its growing capability in cyberspace.
The chairman of the main committee in Congress responsible for these matters, Mike Rogers, said last month that US banks, internet service providers and security companies "have had trouble keeping up with the recent DDoS attacks that have had the sophistication and the level of resources that a nation-state entity like Iran can devote to them."
In three waves of attacks since September, consumers have reported inability to conduct online transactions at more than a dozen banks.