Amicus ITS has long been an exponent of the merit of having an IT expert on a company Board. Indeed ‘cyber’ has been on Amicus ITS’ own Board’s monthly agenda for the past 18 months.
As we continue to convey this good practice recommendation with our customers, this message is now being endorsed by HM Gov’s Treasury department in a direct appeal to the major UK banks.
As reported in The Sunday Times (240116), Andrew Tyrie, Treasury committee chairman and Tory MP for Chichester, wrote to the major financial institutions over the weekend demanding that they take urgent steps to thwart hacking and data theft. “Bank IT systems don’t appear to be up to the job”, he said. “Every few months we have yet another IT failure at a major bank. These IT weaknesses are exposing millions of people to uncertainty, disruption and sometimes distress. Businesses suffer too. We can’t carry on like this”.
The remedy is no magic potion. The Treasury MP is advocating hard investment in computer systems and that banks answer to a new group within the financial regulator, the Prudential Regulation Authority.
No banks are immune. Barclays, HSBC, Lloyds and the UK tax payer’s own bank Royal Bank of Scotland (RBS) have all suffered outtages. Most recently, HSBC suffered a two day failure in its online banking services in January 2016. This follows last August’s dropout when a glitch prevented salaries being paid ahead of the August Bank Holiday. Other banking failures have included mortgage and pension payments. RBS which has experienced many problems was fined £56 million in 2015 for an IT glitch in 2012 that left millions of customers unable to access their accounts.
The Deputy Governor of the Bank of England, Andrew Bailey is expected to head up a new specialist IT unit within the Bank of England’s Prudential Regulation Authority to ‘ensure lendors are investing enough in their systems’. We wait to see whether this specialist financial regulator post has the teeth and influence to create the necessary change and improvements required – and soon. If our banking blog of 31st January 2014 is anything to go by, it could be a very long wait. Could this MPs plea be one of hope more than expectation?
Irrespective of business sector, it is a timely reminder for companies not to put off updating infrastructures or reinforcing vital firewalls by holding on to unspent, shored up profits post recession. In our technically challenging world, businesses cannot afford NOT to maintain and future-protect their IT systems, let alone ignore recommendations to invest in protecting against increasingly sophisticated and cynical cyber threats facing every organisation.
• 80% of cyber attacks in 2014 were preventable (source: Ponemon Institute)
• Only 21% of companies say their Board gets comprehensive information about cyber threat*.
• Only 17% of Board members believe they have a full understanding of the risks*.
Action – do a cyber health check review of your company after today:
• Re-evaluate the crown jewels of YOUR organisation (key information and data assets)
• Review risk from 3rd party suppliers (get into active compliance).
• Be pro-active and transparent about risk – your customers will thank you.
• Arrange for a cyber threat ‘pen test’ and get in shape for 2016.
In the constantly evolving world of cyber security, the wise understand that there is no panacea against cyber attack, it is just a matter of when – however, those best armed against the enemy will be the ones best prepared for attack, understanding and prompt response.