Hack-attack law to cost banks millions

BRITAIN'S banks are being forced to reveal potentially damaging details about how often they have been attacked by computer hackers.

New international banking laws mean financial institutions must be more open about their vulnerability to IT-related risks, including so-called cyber attacks, so their insurers and auditors can gauge their liability.

The new openness demanded by the Basel II regulations looks set to cost the industry hundreds of millions of pounds as banks set up databases detailing a minimum of three years of hack attacks.

Banks will have to pass the information to their insurance companies and auditors, and to international regulators from 2007, so they must set up systems to log and monitor attacks from now on.

Complying with the rules will cost the average-sized British bank an estimated £200m over the next five years.

Traditionally reluctant to tell outside organisations about security matters for reasons of commercial secrecy, and in some cases simple embarrassment, banks have been bitterly opposed to this new legislation.

The very existence of attacks by cyber criminals is one of the industry's best kept secrets, much to the frustration of police.

However, banks that do not comply with the new laws will be obliged to set aside 2.8% of their assets to meet any IT-related liability - and that would be unthinkable in the current competitive climate.

John Sherwood of business consultancy ID Risk said: 'Capital allocated against risk is dead money as far as a bank is concerned because they are not using it to make money.'

He believes most, if not all, UK banks are already working to meet the 2007 deadline.

Indeed, a spokeswoman at Lloyds TSB confirmed it had started to compile a database of computer security incidents to comply with the demands.

The news, reported in Computing magazine, that details of the hacking problems suffered by banks may be revealed to regulators will be welcomed by law enforcement agencies.

Neil Barrett, an expert in computer security, said: 'The security industry itself would welcome any approach that makes a serious assessment of the exposure that the big banks are suffering - and I think you could take it as read that it would help organisations like the police too.'
