The Bank of England has recently published minutes relating to a meeting of the Court of Directors, which was held on 16 September 2015. Cyber resilience was one of the topics that was discussed during the meeting. The key points from the minutes are summarised below:

  • Assessment Questionnaire – as there has been a focus on identification and assessment of risks, standard setting and sector co-ordination, themes from an assessment questionnaire completed by 35 major firms and financial market infrastructures have been shared with chief risk officers and chief information security officers of more than 130 firms.
  • Cyber vulnerability testing framework (CBEST) – the Bank of England has developed this with a view to help firms develop their defence and shape sector resilience. Concern that CBEST testing remains voluntary for firms was also highlighted.
  • Innovation – all steps taken to date have been seen as innovative and constructive, however it was pointed out that the industry tends to focus on conventional attacks that might cause consumer loss, whilst potential threats to financial stability are usually more complex.