British Banks Underreport Cyber Attacks, Report Says
U.K banks don’t report all the cyber attacks directed at them, according to a Reuters report.
The U.K.’s Financial Conduct Authority reports at least 75 cyber attacks against financial institutions this year, but the news agency quoted experts who said that total is likely underreported. That’s in part because British banks are not required to report every such attack.
What might be the real number, then? That’s hard to say, but Shlomo Touboul, head of Israeli-based cyber security firm Illusive Networks, told Reuters that “one large global financial institution he works with experiences more than 2 billion such [cyber attack] ‘events’ a month, ranging from an employee receiving a malicious email to user or system-generated alerts of attacks or glitches.” He added that “machine defenses” reduce those events to about 200,000, with human workers then getting that down to 200.
“There is a gray area. Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry,” Ryan Rubin, U.K. managing director, security and privacy, at consultancy Protiviti, said in the report.
The data breach underreporting isn’t limited to banks, the report said: “Of the five million fraud and 2.5 million cyber-related crimes occurring annually in the U.K., only 250,000 are being reported, government data show,” Reuters said in its Oct. 14 report.