The Bank of England is to test banks' resilience to resist and recover from a cyber attack on their payments systems.
The Bank is particularly concerned that disruption to one bank’s payments could have a direct impact on the real economy by preventing customers of that bank from paying for goods and services. It may also cause a ripple effect, spreading to other banks, impairing interbank lending and, in turn, activities such as clearing, settlement or mortgage payments.
In its Financial Stability report, the BofE says it intends to work with the Prudential Regulatory Authority and the UK's National Cyber Security Centre to test the ability of firms to meet a defined set of minimum recovery standards, setting a tolerance point after which it judges disruption would begin to cause material economic impact.
In the Bank’s latest Systemic Risk Survey, published alongside the
Financial Stability Report, 62% of banks cited cybersecurity as a key source of risk, up from 51% a year ago.
The Bank says it will consult with firms with a view to conducting a pilot of the approach to stress testing cyber resilience in 2019.
Although not systemic in nature, disruption caused by IT outages such as those experienced by Visa and TSB recently, highlight the importance of operational risk beyond cyber incidents for individual firms and consumer protection, says the Bank, and provides a pointer to further work for regulatory authorities. The Bank will publish a discussion paper on this issue next Thursday.