LONDON (Reuters) – Britain’s banks will have to show they could recover from a cyber attack within hours to avoid customer payments being delayed to the next day, the Bank of England said on Tuesday.
The BoE said it would hold a pilot cyber stress test of lenders mid-2019 but individual results won’t be published.
The “severe but plausible” test will look at how banks’ could withstand a cyber attack and how quickly they would recover so that payments can continue.
The pilot test will look at the payments system of a bank going down, but future tests would also likely include data being corrupted, the BoE’s Financial Policy Committee (FPC) said.
Banks, which the BoE did not name, will have to show that payments made on the day of the theoretical cyber attack are completed that day.
“The pilot exercise would be launched in the summer. Ahead of that the Bank would engage with firms to arrange appropriate and proportionate coverage of the pilot exercise,” the FPC said.
It also said that this year’s annual stress test of major banks for resilience to market and economic shocks would be largely in line with the 2018 exercise, a nod to the Bank’s view that lenders hold enough capital in general.
There would also be no major change to the thresholds that banks must stay above to pass the test without having to find more capital. The results are published in the fourth quarter.
Next year’s stress test will include CYBG bank, and the standalone ring-fenced arms of the main lenders.
(Reporting by Huw Jones, editing by Louise Heavens)