People do much of their finances online nowadays and that means everyone is more exposed to cyber-crime. Businesses call this cyber-risk and it can cost them money, cause disruption or damage their reputation.
Criminals target banks because there’s a lot of money and sensitive data at stake. It’s no easy job – banks have advanced security measures in place to stay safe. But it’s impossible to predict the nature of every attack as sophisticated criminals keep developing new tactics and approaches.
It’s impossible to rule out any risk but generally speaking, yes. In most circumstances, your bank must refund you for any unauthorised payments according to the Financial Conduct Authority.
A cyber-attack on your bank might not affect you. Seven of the UK’s biggest banks had to reduce operations or shut down entire systems following an attack in November 2017. According to the National Crime Agency, it cost hundreds of thousands of pounds to get services back up and running. But the attack had little impact on consumers.
While we believe a successful attack on the UK’s infrastructure is unavoidable, your data is likely to be safe. Most attacks on banks don’t involve any removal of data. Instead attackers disrupt services by bombarding websites with fake requests. They then ask the bank to pay money in return for stopping the attack, allowing services to resume. Sometimes, attacks happen purely so the attackers can learn about a company’s defences – not to access data.
Banks and building societies are some of the safest organisations in the world. This is because regulators work with them to help make sure:
You can also follow three simple steps to stay safe online. Keep strong and unique passwords for all of your online accounts. Protect all your devices with up-to-date anti-virus software. Finally, make sure all of your software and operating systems are up-to-date to reduce any weaknesses.
Who are the people behind cyber-attacks?
Individual banks are responsible for protecting themselves and their customers against cyber-attacks. We’re concerned with how the companies that are most important to the wider financial system handle cyber-risk.
We have designed tests using simulated attacks that the top 30 companies use to test themselves. They have to share the results with us. We expect certain standards of them, depending on how important they are to the wider system.
When cyber-risk affects one of the 1500 companies we regulate, we work with the Financial Conduct Authority, the Treasury and the National Cyber Security Centre to coordinate our response.