Yahoo Finance MPs warn system for preventing cyber attacks against banks needs to be overhauled in wake of Tesco hack
The chain of command for tackling cyber threats against banks is as opaque and leaderless as the confusing financial regulation that contributed to the credit crunch, the influential head of the Treasury Select Committee (TSC) has warned.
Andrew Tyrie, the MP who chairs the TSC, has called on the Government to appoint a single official who is responsible for managing attacks against financial firms and is accountable directly to a single minister such as the Chancellor of Exchequer.
Mr Tyrie likened the current “headless framework” to the tripartite regime of the Financial Services Authority, Treasury and Bank of England that regulated the banking industry before the financial crisis - a complex set-up widely attacked for being "asleep at the wheel" in the run-up to the 2008 financial crisis.
“The lines of responsibility and accountability for reducing cyber threats remain opaque,” said Mr Tyrie, who argued that the present system is ripe for exploitation by criminals.
In a letter to Chancellor Philip Hammond that was published today and sent last month, the TSC chairman warned that current the system for managing cyber crime is “unclear”.
Executives at banks say their businesses are under almost constant attack from hackers, and the threat is becoming more severe. Last November, Tesco Bank fell victim to the most serious cyber crime ever launched against a British bank that resulted in about £2.5m being stolen from 9,000 accounts.
In January, Lloyds Banking Group’s websites were disrupted by the worst denial of service attack the lender has ever suffered, which stopped customers from accessing accounts online for more than two days.
Presently, the Treasury chairs what it calls a “director level group” that manages the cyber work of the Financial Conduct Authority, Prudential Regulation Authority, the cabinet office, GCHQ’s National Cyber Security Centre and the National Crime Agency.
Mr Hammond wrote to Mr Tyrie in January to reassure him that “this is supported by a deputy director and working level groups” and that “this governance framework provides a single point to address cyber issues in the finance sector”.
However, Mr Tyrie said today: “But who is in charge? Is it the director or does the framework take precedence? Who is he or she? A headless framework scarcely inspires confidence.
“That sounds perilously resonant of the catastrophically inadequate and headless tripartite authorities, supposedly set up to monitor system risk in banking in 1997.
“The problem with such committees and frameworks is that all too often they only get the attention they deserve after a crisis – when it’s too late. This must not be permitted to happen in the case of financial cyber risk.”
