Bank of England pushes the cyber security testing framework for banks with CBEST

The recent theft of money from accounts at retailer Tesco’s online banking arm caused the British authorities to enact contingency plans to allow lenders to share information after the attack, the Bank of England said on Wednesday. The bank also said in its twice-yearly Financial Stability Report that the so-called CBEST framework for testing vulnerabilities to cyber attacks at financial firms will in future include regular spot checks by supervisors. Critical firms will also be subject to regular “cyber resilience testing” based on a common “threat” set by the financial regulators and the new National Cyber Security Centre.

The BoE said incidents this year have highlighted how cyber and technology-enabled attacks on banks continue to pose a serious threat to the financial system. Tesco Bank said earlier this month that 2.5 million pounds was stolen from a total of 9,000 customers, described by regulators as an unprecedented incident. “In response to the recent incident at Tesco Bank, the UK authorities activated a contingency plan … to share intelligence across firms, allowing other institutions to review their own resilience to such threats,” the BoE said. IANS