Bank of England Sector Resilience Exercise
The Bank of England has today published the high level findings of the financial sector (“sector”) cyber simulation exercise that took place on 9th November 2018. The exercise, commissioned by the Cross Market Operational Resilience Group jointly chaired by the Bank and UK Finance, explored the sector’s resilience to a major cyber incident impacting the UK. The exercise demonstrated that recommendations from the last sector exercise have been implemented and identified further opportunities for improvement. It also successfully rehearsed the Cross Market Business Continuity Group, an executive level group chaired by the Bank to enable financial authorities (Bank of England, PRA, FCA and HMT) to interact with the sector during times of major operational disruption.
Alongside the financial authorities, participants included 29 of the most systemically important firms and Financial Market Infrastructures. Participants responded to a severe but plausible cyber-attack scenario targeting the sector.
As the report sets out, the exercising found:
- Opportunities to improve the way firms coordinate at an operational level during incidents that impact the sector,
- Disparity in risk tolerance for suspending services could impact the functioning of the financial sector,
- Recovery of services is impacted by differences in the way data is stored across the financial sector, and
- Effective and consistent communications are key to maintaining customer and market confidence.
Specific recommendations linked to the 2018 exercise key themes will be taken forward by the participants and authorities.
Sam Woods, the Deputy Governor for the Prudential Regulation Authority said “Exercising continues to form a very important part of our resilience strategy, which aims to ensure that we are prepared and can respond effectively to a major operational disruption such as a cyber-attack. The 2018 exercise contributed to this and we will maintain our exercise regime going forward.”
Stephen Jones, the CEO for UK Finance said “Regular sector-wide exercises provide a vital means of allowing the industry and its regulators to ensure they are prepared for a potential major disruption or event and can respond effectively, thereby protecting the UK’s financial system, its participants and customers. To improve the technical collective response mechanisms, UK Finance will support the sector response framework as part of our commitment to maintaining resilience of the financial system.”
Source: Bank of England
Managers should continue to modernize legal and compliance.
Wall Street firms need to hang together regarding cybersecurity or they will hang separately.
The standard check-list mentality is not as secure as one would think.
Unauthorised parties breached the Banks’ Integrated Reporting Dictionary website.
Identify the risks and the best person to work with outside experts, Abacus exec writes.