The Bank of England has taken steps to prepare financial institutions for the possibility of a major cyber attack by instructing them to enhance their defenses. The Bank is concerned that Russian-linked hackers may attempt to destabilize the financial system, hence the need for this measure.
The directive, which was issued last week, requires banks, insurers, and market infrastructure companies to simulate their response to a severe attack. This move follows a series of high-profile attacks, including ones on Royal Mail and the Guardian, by ransomware gangs earlier this year.
Sarah Breeden, who heads financial stability at the Bank, has written to executives instructing them to ensure that their systems and emergency response plans are in place by March 2025. Further, she added that financial firms should test their systems against severe but plausible cyberattack scenarios.
She also said that firms should improve their operational resilience if they are unable to remain within impact tolerance during a cyber attack.
The City is deemed to be at risk from ransomware gangs that target important firms that keep Britain's financial system functioning.
According to a 2022 survey of 130 global financial institutions, almost 75% experienced at least one ransomware attack in the past year.
The ION Group, a company that plays a crucial role in the infrastructure of City trading, was attacked by the same Russian-linked ransomware gang that targeted Royal Mail in February.
The attack caused disruption to trading desks in the City and affected other trade processing systems, leading some companies to resort to manual processing. Sarah Breeden has emphasized the need for companies in the Square Mile to improve their operational resilience by assessing their risks, vulnerabilities, and dependencies.
Although Sarah Breeden did not specifically mention Russian-linked groups as a potential threat, experts warn that worsening relations with Moscow have significantly increased the risks.
According to a report by the US-based Financial Services Information Sharing and Analysis Center, cyber-attacks have surged due to Russia's conflict with Ukraine.
The Bank of England issued this warning following its first cyber stress test, which was held in 2022 for lenders and market infrastructure companies. The Financial Policy Committee has urged firms to plan, prepare and test their response to cyber attacks to mitigate any impact on financial stability.
The Lockbit gang, which demands payment in hard-to-trace cryptocurrencies in exchange for unscrambling files on hacked computers, targeted both Royal Mail and ION Group. The group is known for demanding tens of millions of pounds in ransom and has reportedly extorted around $100m from its victims over the past few years.