Fearing reputation loss, banks under-reporting cyberattacks

The police is being kept in the dark.

British banks are afraid that if they disclose the full picture of the cyberattacks they're under, they might suffer public backlash resulting in reputational damage and loss of customers.  That's why they never fully report when they're under cyberattack. And the attacks are getting more frequent. This is all according to Reuters, who cites Israeli-based cyber security firm Illusive Networks, Barclays, and others. 

Illusive Networks Chief Executive Officer, Shlomo Touboul, says banks aren't exactly doing anything illegal. In the UK, they're not obliged to reveal everything. "There is a grey area...Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry,” Ryan Rubin, UK Managing Director, Security & Privacy at consultant Protiviti, said.  

Troels Oerting, Group Chief Information Security Officer at Barclays and former head of Europol's Cyber Crime Unit, describes his amazement at all the information banks had, once he switched from Europol. "When I moved from law enforcement to banking and saw what banks knew, the amount of information at their disposal, I thought 'wow', I never had that before.” 

"Banks are dramatically under-reporting attacks, they do what's legally required but out of embarrassment or fear of punishment they aren't giving the whole picture," an anonymous source told Reuters. Back in 2014, there have been a total of five reported attacks on financial institutions in Britain. 

This year, we’re already at 75, according to Financial Conduct Authority (FCA).      

Image source: Shutterstock/MaximP