What is cyber-risk?
People manage much of their finances online nowadays, and that means everyone is more exposed to cyber-crime. Businesses call this cyber-risk, and it can cost them money, cause disruption or damage their reputation.
Criminals target banks because there’s a lot of money and sensitive data at stake. It’s no easy job – banks have advanced security measures in place to stay safe. But it’s impossible to predict the nature of every attack as sophisticated criminals keep developing new tactics and approaches.
Are my money and data safe?
It’s impossible to rule out all risk but, generally speaking, yes. According to the Financial Conduct Authority, in most circumstances your bank must refund you for any unauthorised payments.
A cyber-attack on your bank might not affect you. Seven of the UK’s biggest banks had to reduce operations or shut down entire systems following an attack in November 2017. According to the National Crime Agency, it cost hundreds of thousands of pounds to get services back up and running. But the attack had little impact on consumers.
While we believe a successful attack on the UK’s infrastructure is unavoidable, your data is likely to be safe. Most attacks on banks don’t involve any removal of data. Instead, attackers disrupt services by bombarding websites with fake requests. They then ask the bank to pay money in return for stopping the attack, allowing services to resume. Sometimes, attacks happen purely so the attackers can learn about a company’s defences – not to access data.
Banks and building societies are some of the safest organisations in the world. This is because regulators work with them to help make sure:
- your money is kept where it should be
- your data stays the way it should
- fraud is prevented, although this is a difficult task
- banking services are kept up and running
You can also follow three simple steps to stay safe online. Keep strong and unique passwords for all of your online accounts. Protect all your devices with up-to-date anti-virus software. Finally, make sure all of your software and operating systems are up to date to reduce any weaknesses.
Who are the people behind cyber-attacks?
Bank of England's explainer on cyber-attacks.
Films and news reports often depict the hacker as a lone young man in a dark hoodie with a laptop. In reality, there’s no one-size-fits-all description. The five main categories are:
- Nation states: well-funded spies and hackers who seek sensitive information that could provide economic, political or military advantages to their home country.
- Organised criminals, who try to steal money or valuable data from companies, often by exploiting vulnerabilities in large organisations through their technology or their people.
- Criminals: it’s becoming easier for people with little or no technical ability to rent services that support fraud, ransom and theft, often aimed against individuals. Ransomware, where people can’t access their computer files, is an example.
- Hacktivists, who are motivated by ideology. One of the most prolific groups is Anonymous, which has attacked several governments, corporations and the Church of Scientology, among many other targets.
- Malicious insiders: employees in an organisation who want personal gain, money or revenge.
What’s the Bank of England doing about cyber-risk?
Individual banks are responsible for protecting themselves and their customers against cyber-attacks. We’re concerned with how the companies that are most important to the wider financial system handle cyber-risk.
We have designed tests using simulated attacks that the top 30 companies use to test themselves. They have to share the results with us. We expect certain standards of them, depending on how important they are to the wider system.
When cyber-risk affects one of the 1,500 companies we regulate, we work with the Financial Conduct Authority, the Treasury and the National Cyber Security Centre to co-ordinate our response.