The Bank of England (BoE) is staging a day-long war gaming exercise on Friday designed to test the resilience of the financial system in the event of a major cyber-attack.
Up to 40 firms are taking part in the voluntary exercise, alongside the BoE, the Treasury, City regulator the Financial Conduct Authority and UK Finance, the industry trade body.
It is the latest in a series of simulated attacks hosted by the BoE every couple of years in an attempt to identify any weaknesses in the response of banks and other financial institutions to a major cyber-attack. The ability of firms and organisations to communicate with each other during such an attack will also be tested.
“The exercise will help authorities and firms identify improvements to our collective response arrangements, improving the resilience of the sector as a whole,” the BoE said.
The tests will not be conducted on a pass or fail basis but the BoE is expected to make public some of the lessons learned at a later date.
Friday’s test has been designed by the BoE with input from the National Cyber Security Centre, which is a branch of Britain’s intelligence and security service, GCHQ.
A number of high-profile data breaches both within and outside the financial sector in recent months have highlighted the vulnerabilities of firms to cyber-attacks.
Earlier this year Dixons Carphone said that it had found unauthorised access to personal data belonging to up 10 million customers, including their names, addresses and email addresses.
The electronics retailer also identified unauthorised access to the payment cards of 5.9 million customers, although the vast majority were chip and pin protected, and no pin codes, card verification values (CVV) or authentication data were accessed, meaning purchases could not be made.
In the US, HSBC suffered a serious data breach in its US retail banks business, with hackers gaining access to customers’ account details, statement histories and other personal information.
British Airways revealed it suffered two cyber-attacks on its website in September and October. About 185,000 BA customers had their payment card details stolen, and 77,000 had their name, address, email address and detailed payment information taken.