Security Firms Say UK Banks 'Under-reporting Cyber-attacks' | eWeek

Banks ‘Under-reporting Cyber-attacks,’ Say Security Firms

Written By
Guest Author
Guest Author
Oct 17, 2016
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

By Matthew Broersma

British banks are “dramatically under-reporting” computer attacks due to their fear of bad publicity, according to several IT security firms who provide services to them.

Staff from five computer security firms that provide services and advice to United Kingdom banks said they have seen first-hand examples of banks choosing not to report security breaches, according to a Reuters report citing unnamed individuals.


Law Enforcement Left in the Dark

While the banks did not break the law, their reporting practices are overly conservative and mean the public is unaware of the true extent of the risks to which banking IT systems are exposed, the firms said.

“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” said one source.

Barclays’ head of information security, Troels Oerting, who joined the bank in February of last year, said banks’ sharing of data with authorities has improved since then and that Barclays provides all relevant information on attacks to regulators. Oerting was previously head of Europol’s Cyber Crime Unit.

The comments will, however, add to concerns that information-gathering on computer attacks is inadequate, following a National Audit Office (NAO) report last month that found a lack of coordination in government data-gathering on breaches.

The government earlier this month opened a National Cyber Security Centre (NCSC) to help centralize computer defenses, including reporting, but the NAO said more reforms would be necessary.Sharp Rise in AttacksBritish financial institutions reported only five network-based attacks in 2014, rising to 75 so far this year, according to the Financial Conduct Authority (FCA).But IT security experts have said that such figures do not reflect the growing focus on banks and financial institutions by online thieves.They say the growing sophistication of malware such as Odinaff and Carbanak, which target banks and other financial institutions, shows a heavy investment in the coordination, development and deployment of computer attack tools.Investigators looking into the theft of $81 million using the SWIFT payment network said the attack showed a similar level of expertise.Industry observers say that as banks make it ever-easier for their customers to conduct network-based transactions, they present a natural target for online criminals.

These attacks require a large amount of hands on involvement, with methodical deployment of a range of lightweight back doors and purpose built tools onto computers of specific interest,” said Symantec in a report on Odinaff earlier this month.

Although difficult to perform, these kinds of attacks on banks can be highly lucrative.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.