Financial services companies in the U.K will have to undergo cyber stress tests to ensure they could recover if they were hit with a major cyber breach.
According to a report in City A.M., citing the Bank of England, the test will ensure that banks have enough defenses built up to withstand a hit on their system. The Bank of England wants to know how long it would take for key services of financial services companies, such as payments, to recover. The report noted that Bank of England contends that a disruption to a bank’s payments could hurt the economy because customers of the bank wouldn’t be able to purchase things, nor would they be able to access their money.
The financial services companies that are subjected to the stress tests would have to show how they will meet the standard in the event of an attack. If a firm fails the test, it would have to agree to remedial action plans that improve its ability to handle similar situations if they were to arise again. The stress tests will start as a pilot in 2019, noted the report. The Bank of England didn’t say which firms would face the cyber stress tests, according to City A.M.
The move on the part of the Bank of England comes after the Securities and Exchange Commission (SEC) recently said, when it comes to cybersecurity, investors are not getting the disclosures they need.
“Let’s give them some information for starters (and promptly),” SEC’s Robert Jackson, Jr. told the annual meeting of the Society for Corporate Governance in Washington, D.C.
Though Jackson isn’t sure what additional cybersecurity information investors need, he does know that information should be given to investors quickly. However, he acknowledged it is difficult to know what disclosure best practices should be.
“Exactly what companies should say, I am open,” Jackson said. One thing he is certain of: Cybersecurity needs to be a top priority.