Several UK banks have been compromised by hackers over the last six months, leading to financial losses, according to a recently published report by the Bank of England (BOE).
The UK's central bank said in its latest Financial Stability Report that cyber security was a major concern for the financial sector and a number of institutions had been subject to attacks, although it did not say which financial instutions had suffered such compromises.
A holistic approach that is designed to tightly integrate cyber-defences with processes, people and physical measures is crucial
"Several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services," it said and added that while losses have been small the attacks have "revealed vulnerabilities".
"If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions," the report said.
Minutes of the Bank of England's Financial Policy Committee (FPC) meeting in September warned that the financial market in the UK is open to attack as it is linked into to so many other systems.
It said the financial system has "a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems".
The FPC said that in order to combat the threat, it had been working on an action plan that would "assess, test, and improve cyber resilience across core parts of the financial sector."
Peter Armstrong, director of cyber security at Thales UK said that the report comes as "little surprise".
"A holistic approach that is designed to tightly integrate cyber-defences with processes, people and physical measures is crucial to ensure financial organisations are protected against the latest evolution of threat and attack vectors," he said.
Armstrong added that banks must make more effort to retrain or re-skill their employees.
"Much more emphasis should be placed on retention of soft skills, IP, organisational culture, the evolution of internal security policies and knowledge of legacy systems. Greater collaboration on cyber issues should also lead to an improvement in cyber awareness and continuous policy evaluation and adaptation, particularly as external attacks multiply faster than legacy IT security solutions can currently keep up with," he said.
