Written by:
Ian Burgess, Principal, Technology and Digital Policy Delivery,
UK Finance


Cyber security is back in the news following recent reports of successful attacks within the financial sector. These attacks have led to significant disruption and reputational damage to the affected institutions. But more importantly customers have borne the brunt of the disruption in their daily lives, and this will have undoubtedly further eroded their trust in the organisations they bank with or who process their payments, as well as the wider financial sector. While cyber-attacks are an inevitable occurrence for financial institutions, successful ones need not be.

One way in which to counter the threat that financial institutions face and reduce the likelihood of a successful cyber attack is through sharing cyber intelligence with other institutions. Philosophically the finance sector needs to realise that ‘a rising tide lifts all ships’ and that cyber security should not be seen as a competitive advantage between companies – the finance sector can only be as strong as its weakest link in this regard.

The impacts of a successful cyber-attack are likely to be felt upstream and downstream in the ever closer connected financial world that now exists. Consequently, the health of the financial sector is directly related to the health of each individual institution and therefore UK Finance’s view is that an attack on one institution is an attack on them all. That is why we are working with members and non-members across the sector to promote a more collaborative approach to sharing cyber intelligence.

Recent evidence¹ has shown that when financial institutions work together in the face of a significant cyber-attack they can more easily identify the route or means that attackers are using, and put in place the appropriate defences and controls in order to mitigate the threat. The result for each institution and their customers is dramatically reduced downtime of services and fraudulent activity.

Collaboration within the finance sector should not just be confined to its institutions; law enforcement, regulators and government must also be involved in these conversations. The National Cyber Security Centre (NCSC) and National Crime Agency (NCA) are key partners for the finance sector, in order to reduce the impact of cyber attacks by managing cross sector collaboration. They are also instrumental in attributing attacks and criminally prosecuting perpetrators, thereby removing the threat entirely.

Regulators already work closely with institutions during a cyber incident. The requirements on firms are well known and essential to ensure regulators are kept informed of the impact on the affected institution and any possible wider impact. The Bank of England, in its role as the central bank, must also react quickly to any threats which have the potential to adversely affect the sector. Cyber collaboration must involve these groups, given their remit within the finance sector.

A strong and robust financial sector is a crucial component in sustaining the UK’s economy. Effective cyber collaboration can provide tangible benefits to not only the institutions involved and their customers, but the finance sector and the country as a whole. Ensuring that individual institutions buy into the need for cyber collaboration and share actionable cyber intelligence has been shown to be a highly successful way in which to keep themselves, their customers and the sector safer from the threat of cyber-attacks.

¹ https://www.ft.com/content/2e582594-48ab-11e8-8ee8-cae73aab7ccb


Related Event:

Economic Crime Congress – 12 December 2018
Cyber security and cyber collaboration will be key themes at the UK Finance Economic Crime Congress in December. This multi-stream, one-day event will bring together top international and UK experts to discuss the key economic crime topics in 2018 including anti-money laundering, financial sanctions, mortgage fraud, anti-bribery and corruption, terrorism financing and fraud prevention. The event is sponsored by LexisNexis Risk Solutions.

The need for cyber collaboration