The Bank of England has issued a warning to banks, insurers, and market infrastructure companies to take immediate action to strengthen their defences against a potential major cyber attack.
There are growing concerns that Russian-linked hackers will attempt to disrupt the financial system, and the warning follows high-profile attacks earlier this year on Royal Mail and the Guardian. The Bank of England has instructed companies to wargame their response to a severe attack and improve their systems and emergency response plans by March 2025.
The Bank’s Financial Policy Committee has also urged firms to invest in mitigants to better manage risks to financial stability during an incident.
A 2022 survey of 130 global financial institutions found that nearly three-quarters had experienced at least one ransomware attack over the past year.
In February, ION Group, a company that plays a critical role in the plumbing that underpins City trading, was targeted by the same Russian-linked ransomware gang that attacked Royal Mail, causing chaos on City trading desks.
While the Bank’s warning did not specifically identify Russia-linked groups as a potential threat, researchers have warned that deteriorating relations with Moscow have significantly increased the risks. The Bank of England’s call to action comes after its first cyber stress test was held last year for lenders and market infrastructure companies.
The test was an exploratory exercise rather than a formal pass-fail assessment.
The threat posed by cybercriminals to the financial sector should not be underestimated, and the Bank’s warning serves as a timely reminder for firms to review their cybersecurity measures and take proactive steps to protect against a potential attack.
Firms should plan, prepare and test for such situations, and invest so that their response can effectively mitigate any impact on financial stability until service delivery is restored.