Bank of England calls for plans to improve banks' resilience to cyber attacks

Complex legacy IT creating vulnerabilities in finance sector

The Bank of England has demanded that banks move to improve resiliency against cyber attacks, warning that complex legacy IT systems are leaving the finance sector vulnerable to a "growing" cyber threat.

A recent meeting of the Bank's Financial Policy Committee (FPC) called on regulators to ensure that "concrete plans" are put in place by the board of directors at UK banks in order to deliver a high level of protection to rapidly evolving cyber threats.

In the minutes of the meeting it was highlighted that HMT Treasury had already begun to put in place a programme of work to "assess, test and improve" the financial sector's resilience to cyber attacks.

A number of vulnerabilities were identified which leave the UK banking sector open to attack, including the "high degree of interconnectedness", "reliance on centralised market infrastructure", and "complex legacy IT systems". It was added that the risk of cyber attack "had many dimensions and was growing".

The Bank, which had problems with its own legacy infrastructure recently, also noted that it would test the resilience of its own systems.

The committee has now called for the Treasury and regulators to ensure that firm plans are drawn up by banks by the first quarter of 2014, with a progress report due to be published on 3 December 2013.

Earlier this year the Bank's director of financial stability Andrew Haldane said that the banks should be viewing cyber attacks as one of them most prominent threats, creating more of a threat to their stability than the Eurozone crisis.