Bank of England to publish new cyber standards by summer to protect financial system under “almost constant attack”

Britain’s financial system is “under almost constant cyber attack” according to a top Bank of England official, with the regulator planning to introduce new standards for financial firms’ computer security.

Sam Woods, a deputy governor at the Bank, said the Prudential Regulation Authority (PRA), which he heads, will publish new standards expected of firms.

The new standards could be published before the end of the first half of the year, although the timing has not been finalised.

Writing in the PRA’s business plan for the next year, Woods said that “setting out clearly the level of operational resilience we expect of firms and how we will make sure it is delivered is a top priority for the PRA”, alongside preparations for leaving the EU. The business plan also provided for the reallocation of resources from “lower risk supervisory activity” to the Brexit preparations.

The UK’s biggest banks, such as Royal Bank of Scotland, Lloyds, and Barclays, are already subject to heightened cyber resilience requirements, particularly with regard to financial risks; the Bank of England will run another cyber resilience test this year.

However, the watchdog believes more needs to be done. Woods added that “nowhere in the world is there an overarching prudential standard for operational resilience”.

The new standards for banks, insurers and investment firms will increase the PRA’s scrutiny of cyber risks associated with information technology systems, outsourcing, and data outages.

Woods also added that open banking regulations, new this year, “will pose further challenges to existing technologies”, with firms forced to open up their customer data to third parties as long as customers consent.

In September Woods said that regulators’ “emergency” response systems had been triggered six times in the previous 12 months alone, according to Reuters.

He said that the Bank will have three levels of “tolerance” of cyber risks, depending on whether a breach would threaten consumers, firm solvency, or financial stability.


