A senior policymaker at the Bank of England said a cyberattack by a state actor could corrupt British banks’ records over a period of a few months, and present a risk that banks might not be able to protect against on their own, according to a report by Reuters.
Anil Kashyap was speaking to legislators on Tuesday (June 18), and he said that while banks have been focusing on stopping outages, the falsification of the records of transactions poses a larger threat.
“If you wanted to do maximum damage, that is what you would probably do if you were a state actor,” he said to a parliament committee.
Kashyap has warned about attacks from Russia and other countries, and urged banks to prepare for them. However, he acknowledged that banks might not be able to guard against these types of attacks by themselves.
“If you think it is a state actor, I don’t know if you think any particular firm can defend itself,” he said.
The bank record attacks would be especially troublesome because it would be hard to tell which records had been corrupted.
“You have this difficult situation where you have to restore the system, where you could be restoring a corrupt system,” Kashyap said.
He said banks are too worried about damaged reputations and not enough about how an attack would affect the whole banking system.
“I don’t really care if bank ‘x’ is offline for a week, even if it’s disastrous for their share price, if the services that they provide, that are critical, can be delivered in some other way,” Kashyap said. “What is tricky is it could be the case that the (bank) board’s incentives of what to worry about are misaligned with the general incentives.”
Kashyap was talking to parliament’s Treasury Committee, which was looking into his reappointment to the bank’s Financial Policy Committee, an organization that monitors potential risks to banking systems.