UK banks 'hide hacks to avoid bad PR'

Bank cards

UK banks are withholding information on cyber attacks to avoid bad publicity, it is reported.

Leading figures within the industry believe recorded figures are far lower than the real number of hacks occurring, and that banks are hiding the fact they are under constant attack from hacker groups, according to Reuters.

Chief executive of Israeli cybersecurity firm Illusive Networks, Shlomo Touboul, told the publication that one client, a large financial institute, is targeted with more than two billion potential hacks every month.

These attacks, including malicious emails or hacks on a system, are filtered down by security defences to just 200 'events'. A team of employees will then sift through the reports and cut the number down to 200 "real events" each month, according to Touboul.

Britain's financial institutions have reported 75 hacking attacks this year so far, rising from five in 2014/15, according to Financial Conduit Authority (FCA) data .

FCA provisions only require UK banks to disclose attacks that could have had a material impact, and essentially disregard the rest.

Excluded reports are not always just email scams, as security firms have reported first hand evidence of banks choosing to hide serious breaches for fear of public backlash.

"Banks are dramatically under-reporting attacks, they do what's legally required but out of embarrassment or fear of punishment they aren't giving the whole picture," said one anonymous Reuters source.

A Bangladesh central bank heist in February saw hackers steal $81 million.

Of five million instances of fraud and 2.5 million cyber-related crimes in 2015, only 250,000 were ever reported according to ONS figures.

A report by Marsh and lobby group TheCityUK, published in May, argues that greater information sharing is needed between industries and law enforcement, and encourages the creation of an "industry-wide cyber forum" to support existing bodies.

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.