The Bank of England has published the results from its Waking Shark II cyber security exercise. The results showed that there had been some progress from previous exercises and that participants had demonstrated communication and co-operation across the numerous financial agencies.
The Waking Shark II exercise involved investment banks, financial market infrastructure providers, financial authorities and government agencies. The aim of the exercise was to help the wholesale banking sector rehearse for if/when there is a breach of cyber security, which could disrupt the sector and entire supporting infrastructure. The exercise took place on 12 November last year and tested how financial firms and government agencies communicated, and how companies communicated amongst themselves. The aim was to improve awareness of the implications of a cyber-attack on those directly affected as well as the wider market.
The report noted a number of areas that could use improvement, including the possible setting up of an industry body to co-ordinate communication between companies in case of a cyber-security incident, alongside increased co-operation between the Prudential Regulation Authority and the Financial Conduct Authority.
Stephen Bonner, from KPMG’s Information Protection and Business Resilience department, commented that in the past there was no communication between firms when cyber-attacks took place for fear of damaged reputation and unfavourable effects on shares. He noted that today financial firms are clear that a breach of one’s system can affect the wider sector and are conscious that communication with their peers is of the highest importance. It is too easy to focus on self-defence whilst under cyber-attack, when the focus should be shifted to collaboration, Bonner said.