Banks and financial services firms must report to the Bank of England and the Financial Conduct Authority on their exposure to risks and plans for mitigation.
In the wake of a number of massive hacks and tech-related outages, UK banks and financial services firms will be required to detail to authorities, by this fall, their plans to avoid damaging disruptions, according to a Reuters report.
The Bank of England and the Financial Conduct Authority announced this week that financial service firms must report back to them by October 5, 2018 on their exposure to risks, and how they would respond to any outages or an attack, the report noted.
Banks and other financial service organizations are highly vulnerable to such attacks, as highlighted by the recent botched TSB Bank IT upgrade, which left 1.9 million customers locked out of their accounts, while 1,300 had money stolen by fraudsters exploiting the IT vulnerability.
Like TSB Bank, many financial services firms are also facing service disruptions during efforts to update online systems and compete with digital-native competitors. And as we saw in that case, those recovering from outages are even more likely to be targeted by criminals.
"Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers and other market participants in the financial system," Financial Conduct Authority chief executive Andrew Bailey and Bank of England deputy governor Jon Cunliffe said in a joint statement to Reuters.
The firms will have to show regulators that they have a plan in place for when systems like online banking or payment services are disrupted, either by systems failures or by attacks, the report noted. The regulators have suggested that two days is the acceptable limit for disruption to one of these services.
In the case of TSB Bank, some customers were still unable to access their online accounts more than a month after the outage occurred in April.
If firms do not present adequate plans for these instances, the regulators could require them to take action, such as by investing in making their systems stronger, Reuters reported. Ultimately, senior management of these firms will be held responsible in the event of prolonged disruption, the regulators noted.
The big takeaways for tech leaders:
- UK banks and financial services firms will be required to detail to authorities, by October, their plans to avoid damaging disruptions.
- Many financial services firms are facing service disruptions during efforts to update online systems, leaving those recovering from outages more likely to be targeted by criminals.