Chancellor and Bank set cyber standards for financial firms
The Chancellor of the Exchequer and the Bank of England have revealed there will be “severe” new standards in cyber security for financial firms, which are set to be unveiled this year.
The revelation emerged in the minutes of a meeting between Philip Hammond and Bank Governor Mark Carney.
The 4 July summit, details of which were released this week, touched on a number of areas, including the potential impact of Brexit, and revealed the intention of the Financial Policy Committee (FPC) to set new cyber security benchmarks. Firms will be stress tested to ensure they meet them.
On cyber risk the minutes read: “The Governor noted that the FPC had agreed to set standards for how quickly critical financial companies must be able to restore vital services following a cyber attack.
“Firms have primary responsibility for their ability to resist and recover from cyber attacks.
“But to guide firms in their planning, the FPC will set impact tolerances – specifically, the time after which a disruption of vital financial services could cause material economic impact.
“Firms will be expected to demonstrate their ability to meet the FPC's impact tolerances in 'severe but plausible' scenarios.
“The FPC will assess this via cyber stress tests, developed in coordination with other authorities, including the National Cyber Security Centre.
“If firms cannot demonstrate they are able to withstand these tests, remedial action plans will have to be developed and agreed with supervisors.
“The Bank plans to launch a pilot of the approach to operational resilience in 2019, and will publish further details in 2018 Q4.”
It added: “The Governor added that these tests build on the FPC’s broader cyber strategy which includes regular penetration testing of the 30 largest firms, consistent supervisory follow up on the key findings of those tests, improved cyber governance within firms, new communications protocols and robust international coordination arrangements including through our leadership of the G7 Cyber Expert group.”