Previously banks have focused on keeping attackers out. But the regulator fears some hackers will break through – so banks must be able to limit the damage once criminals are inside the systems.
Under the scheme, named CBEST, the Bank of England and accreditation body Crest expect to approve nine market intelligence firms who identify banks’ weak points, as well as 18 firms of hackers.
The banks can then hire them – with tests set to cost at least £100,000 – to attack their systems.
The plan is to lay down strict guidelines on the type of attack, to ensure money is not transferred and systems are not brought down.
After the test, which typically takes eight weeks, the bank, hackers and Bank of England will discuss the results to identify any problems.
Meanwhile, a study from PwC today shows firms are more concerned about the chance of a data breach than they are about making money from data, indicating the extent of fears over cyber crime.