By Matthew Broersma
British banks are “dramatically under-reporting” computer attacks due to their fear of bad publicity, according to several IT security firms that provide services to them.
Staff from five computer security firms that provide services and advice to United Kingdom banks said they have seen first-hand examples of banks choosing not to report security breaches, according to a Reuters report citing unnamed individuals.
Law Enforcement Left in the Dark
While the banks did not break the law, their reporting practices are overly conservative and mean the public is unaware of the true extent of the risks to which banking IT systems are exposed, the firms said.
“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” said one source.
Barclays’ head of information security, Troels Oerting, who joined the bank in February of last year, said banks’ sharing of data with authorities has improved since then and that Barclays provides all relevant information on attacks to regulators. Oerting was previously head of Europol’s Cyber Crime Unit.
The comments will, however, add to concerns that information-gathering on computer attacks is inadequate, following a National Audit Office (NAO) report last month that found a lack of coordination in government data-gathering on breaches.