8 hours ago
6
Graham Fraser & Kevin Peachey
Technology reporter & Cost of living correspondent
The boss of one of the UK's biggest banks has said the threat of cyber attacks "keeps me awake at night".
Ian Stuart, the CEO of HSBC UK, said cyber security was "top of the agenda" for his banking group, and dealing with IT vulnerabilities was an "enormous" expense for the sector as a whole.
He said: "It does worry me - we can be attacked and we are being attacked all the time."
Mr Stuart and other bank bosses have been speaking to the Commons Treasury Committee which has been taking evidence on a range of issues affecting the industry, including how vulnerable it is to outages and cyber attacks.
In March, it emerged nine major banks and building societies operating in the UK accumulated at least 803 hours - the equivalent of 33 days - of tech outages in the past two years.
In recent weeks, retailers Co-op and Marks and Spencer have experienced severe disruption after being targeted by hackers.
Lisa Forte, of the cyber security company Red Goat, told BBC News that Mr Stuart had made "an incredibly important point".
"Cyber attacks are increasing in both number and severity," she said.
"Criminals are monetising attacks more efficiently and we are at a point now where it very much is when not if businesses will experience an attack."
Mr Stuart said his banking group was spending hundreds of millions of pounds improving its IT systems.
"I think the amount of money banks - all of us - will be putting into our systems is enormous," he said.
"The defence mechanisms you put in are absolutely critical."
Across his group, he said they are processing 1000 payments a second while making 8000 IT changes and updates every week.
Prof Oli Buckley, a cyber security expert at Loughborough University, said cyber attacks on financial institutions were "relentless" and "increasingly sophisticated".
"Ian Stuart is definitely right to highlight cyber security as a major concern for the banking sector, but recent events within retail have been a stark reminder that it can impact every sector," he added.
"It goes beyond just protecting customer data, it's about maintaining trust in the entire financial system. A breach doesn't just risk individual accounts; it can ripple through markets, reputations, public confidence and beyond."
Barclays, Lloyds, Nationwide, Santander, NatWest, Danske Bank, Bank of Ireland and Allied Irish Bank have also provided information to the committee.
Between January 2023 and February this year, they experienced 158 IT failures between them.
Vim Maru, CEO of Barclays, addressed MPS about the Barclays outage which occurred on what was January pay day for many people.
Serious IT problems affected online banking for several days, left some people unable to move home - and could result in the bank facing compensation payments of £12.5m, a report has found.
Mr Maru apologised to customers, saying he was "deeply sorry for the disruption". He said there was no evidence it was caused a cyber incident or a malicious act.
Following the Barclays incident in January, about 1.2m people in the UK were then affected by further banking outages in February.
Those problems occurred at Lloyds, TSB, Nationwide and HSBC.
