The Bank of England is to test banks’ resilience to resist and recover from a cyber attack on their payments systems.
In its Financial Stability report, the BofE says it intends to work with the Prudential Regulatory Authority and the UK’s National Cyber Security Centre to test the ability of firms to meet a defined set of minimum recovery standards, setting a tolerance point after which it judges disruption would begin to cause material economic impact.
In the Bank’s latest Systemic Risk Survey, published alongside the
Financial Stability Report, 62% of banks cited cybersecurity as a key source of risk, up from 51% a year ago.
The Bank says it will consult with firms with a view to conducting a pilot of the approach to stress testing cyber resilience in 2019.
Although not systemic in nature, disruption caused by IT outages such as those experienced by Visa and TSB recently, highlight the importance of operational risk beyond cyber incidents for individual firms and consumer protection, says the Bank, and provides a pointer to further work for regulatory authorities. The Bank will publish a discussion paper on this issue next Thursday.