UK Banks not reporting all cyber-attacks
A large number of cases have never been revealed
Many cyber-attacks on large UK banks go un-reported out of fear of bad publicity, according a recent report.
According to Reuters, reported attacks on financial institutions in Britain have risen from just five in 2014 to 75 so far this year. However, banks and cyber-security experts say many more attacks are taking place.
Unlike many other countries, the UK does not have mandatory breach requirements. Banks are not obliged to reveal every instance as cyber-attacks fall under Britain’s financial Conduct Authority (FCA) provision for companies to report any event that could have a material impact. In the U.S forced disclosure makes reporting more consistent.
Reuters quote Ryan Rubin, U.K managing director of consultants Protiviti, who says: “This is a gray area…Banks are in general fulfilling their legal obligations, but there is also a moral requirement to warn customers of potential losses and to share information with the industry.”
According to the report, failure to disclose more serious cyber incidents, even when unsuccessful, deprives regulators of information that could help prevent further attacks.