Regulators are almost at the stage where they will insist upon the big financial services firms taking part in an IT security testing procedure, says the Bank of England.
Minutes taken during a meeting held by the bank last month give details of efforts being made to boost cyber defence within the financial services industry.
Bank directors voiced concerns that financial services firms, insurers and banks included, were not obligated to take part in the CBEST programme. However, the bank’s executive director of resolution, Andrew Gracie, said that firms were being pressured to volunteer.
The minutes said that the industry tended to focus on conventional cyber attacks that may result in loss to consumers, while potential threats to financial stability were often more complex.
The minutes also said:
“Directors expressed concern that CBEST testing remained voluntary. Mr Gracie said that was the formal position, but the supervisors were making participation a clear expectation and, in practice, it was becoming close to mandatory for the bigger firms.”
An IT security drill will take place in 2016, and regulators have talked about how important it is that cyber security be a boardroom conversation with the firms themselves, especially when it comes to governance, say the minutes.
The bank may get its way, and cyber security may soon become an issue for the boardroom. Realistically, however, both the boardrooms of large companies and the owners of smaller firms need to address their cyber defence policies, including IT security recruitment plans.