It's Good to Talk, UK Banks Told
Top techies at British banks are being encouraged to share information about cyberattacks following revelations that the financial sector is under-reporting breaches to regulators.
According to the UK's Financial Conduct Authority, only five attacks were reported in 2014, a figure that has soared to 75 so far this year. But the numbers fail to give the full picture. US regulations oblige banks to disclose breaches, and reporting is more consistent as a result. In the UK, only breaches that have a material impact need be revealed – something open to interpretation.
Jacob Ginsberg, senior director at Echoworx, argued that the EU’s General Data Protection Regulation (GDPR) directive, which comes into force before Brexit, will remove banks’ ability to keep quiet about some security problems.
“Articles 31 and 32 of the GDPR would bring EU regulation more in line with US banking regulation, with forced disclosures shoving these conversations out into the open, hopefully to everyone’s benefit,” said Ginsberg, who argues banks could benefit from increased openness and sharing about security problems.