EU follows UK lead and considers plans to test bank defences against a cyber attack

Oliver Gill
Follow Oliver
Chaos Computer Club Annual Congress
Lloyds Banking Group was hit by a distributed denial of service attack on 11 January (Source: Getty)

The EU is contemplating plans to test banks' ability to repel cyber attacks in an initiative that would mirror measures already put in place by the Bank of England.

Cyber and technological-enabled attacks have been on the Bank of England's radar since 2013 with 30 out of 35 "core firms" having completed the UK's cyber stress testing – known as CBEST – when the remaining institutions in the process of finalising their testing.

Read more: Boards in denial over cyber risk, as bosses keen to pass the buck

Plans were also laid down by authorities in November last year to make firms conduct their own regular testing of cyber resilience, Bank of England spot checks and "certain critical firms will be subject to regular concurrent cyber resilience testing... in conjunction with government agencies, such as the new National Cyber Security Centre".


City sources told City A.M. the testing itself involves the use of third party firms who sometimes employ former hackers to stress banking systems.

Meanwhile, European regulators are considering to follow suit with the European executive commission considering additional plans. "These include cyber-threat information sharing or penetration and resilience testing of systems," a source told Reuters.

Read more: Cyber security will be vital as open banking becomes reality

As set out in the Bank of England's financial stability report in November, the sharing of information in connection with cyber attacks already occurs in the UK.

In response to the recent incident at Tesco Bank, the UK authorities activated a contingency plan, as part of the Authorities’ Response Framework, to share intelligence across firms, allowing other institutions to review their own resilience to such threats.


The news that EU authorities will up the ante in the battle against cyber attacks comes as it was reported that Lloyds Banking Group is working with law enforcement agencies to ascertain who was behind a distributed denial of service attack earlier this month.

Read more: Tyrie calls for national cyber centre to ensure finance is "high priority "

Some Lloyds customers were unable to check bank balances and send money during the cyber attack on 11 January – this was limited to a "small number of customers", Lloyds said in a statement.

In November last year, money was stolen from 20,000 Tesco Bank accounts. The attack led to online transactions being frozen in what is understood to be the first cyber break-in of a UK bank.

Related articles