Cyberattacks are the biggest risk to the UK financial system, according to new research from the Bank of England. However, financial institutions remain confident in their ability to fend off attacks, and believe they are more like to suffer from the impact of rising inflation.
The Bank’s H2 systemic risk survey polled 65 executives in the UK financial sector, and shows that 74% of respondents deemed a cyberattack to be the highest risk to the financial sector in both the short and long term, followed closely by inflation or a geo-political incident.
However, while attacks are potentially very damaging if they do happen, banks remain confident they can repel them. According to the survey, cyberattacks are less likely to materialise (37%) than geopolitical pressures (54%) and the risk of soaring inflation (63%).
The number of respondents who believe their company is at high risk of attack grew rapidly this year, from 31% in the first half of the year to 62% in the second. Those considering the threat to be low has decreased by 20%, to just 3%. What’s more, 83% believe that cyber risk in the financial sector has increased in the past year.
Over the next three years, 72% of respondents believe that the probability of a high-impact cyberattack is high, an increase of 26% from the first half of 2022.
However, respondents felt that inflation would be the most challenging problem to navigate (61%), followed by a cyberattack at 56%.
The survey was carried out in July and August, before Liz Truss took office and the financial markets were plunged into turmoil by the fallout from the government's mini-Budget earlier this month.
Why is the cyberattack risk growing in the financial sector?
The sharp growth of this perceived risk could be due to a combination of a shift in the sector to remote work and the growing adoption of cloud-based services. A report released last month by the Bank of International Settlements has stated that “the growing adoption of cloud-based services as well as the shift to remote work, by both central banks and the industry, has key implications for cybersecurity strategies.”
The blurring of an organisation’s digital and physical boundaries increases cyber risk in the financial sector globally. Cloud adoption has also put financial institutions at a higher risk as misconfiguring the cloud transition can have disastrous consequences. Nearly two out of three cloud environment breaches are a result of a misconfigured cloud transition, states the report.
According to communications regulator Ofcom, the risk of the financial sector’s reliance on cloud services can be mitigated by making sure the pool of providers is small. “The Bank of England, the Financial Conduct Authority and the Prudential Regulation Authority are considering the systemic risks that the reliance of UK financial institutions upon a small number of cloud providers raises to the stability or market integrity of the financial system of the UK,” the regulator stated in a report.