Cyber risk is the leading systemic risk for the financial sector, according to the most recent report by the Bank of England. And while only 38 per cent said a high-impact event was likely in the short term – 58 per cent thought it likely in the medium terms. These figures had edged down since the previous survey.
The majority (63 per cent) of respondents to the bank’s bi-annual survey said that they were fairly confident in the stability of the financial system.
Mixed bag
But the risk landscape is shifting. The biggest rising threat was risks associated with a UK economic downturn, which rose by 20 percentage points to 52 per cent – placing it as the fourth biggest threat.
Cyber risk also rose by 5 percentage points to 80 per cent – replacing geopolitical risk which fell 13 percentage points to 66 per cent. The survey was taken before recent violence in Israel and the Gaza Strip.
“Cyber attack and geopolitical risk remain the most frequently cited perceived sources of risk to the financial system among financial market participants,” the report said. “The proportion of respondents citing cyber risk is at its highest level recorded in the survey.”
Only 7 per cent of respondents considered artificial intelligence a threat.
Boards key to defence
Not surprisingly, larger organisations with more resources are leading the way in combatting cyber risk – although they also remain the biggest targets for hackers, according to a government cyber survey earlier this year.
Around seven in ten large businesses have formal cyber security strategies – usually because the board demands it, although changes to governance processes is also key.
“Qualitative data suggests the impetus to develop strategies can come from management board pressure, audits and business acquisition,” the report said. “It can also coincide with cyber teams gaining operational independence, for example from IT departments.”
Organisations must support their boards in understanding and quantifying cyber risk. “Qualitative data shows a similar set of issues to previous years that prevent boards from engaging more in cyber security, including a lack of knowledge, training and time,” the report said. “It also highlights the importance of people in cyber roles being able to write persuasive business cases for cyber security spending, especially when they report directly to finance leads.”
This website uses cookies to ensure you get the best experience on our website.
Read our Privacy Statement & Cookie Policy
