Last Wednesday, the Bank of England announced that financial services firms are set to go through “cyber stress tests” in order to determine whether they would be able to recover in the event of a major breach in their systems.
The central bank is introducing new standards for how long a bank may take, after a breach, to recover its ability to deliver principal services such as insuring against and dispersing risk and providing payments.
The bank described this period as the “impact tolerance” and said that its goal was to mitigate the “systemic risk” to the financial system.
For example, the Bank of England said that disruption to a bank’s payments could have an effect on the real economy by preventing customers of the affected bank from paying for various things and accessing their money.
The Bank of England is working with the National Cyber Security Centre on this move. The bank is planning to test the abilities of financial services companies to recover in the event of a major cyber attack.
The bank said that these “cyber stress tests” would be considered to be “severe but plausible.”
Financial services companies that will be subject to the stress testing will be required to demonstrate their ability to meet the standards for “impact tolerance.”
Where companies fail the tests, they will need to agree to remedial action plans in order to improve their ability to face similar situations in the future.
The bank said that it is set to begin next year with a pilot scheme focused on payments; however, it did not disclose which companies would be included in the tests.