Source: HM Treasury Committee
Rt Hon. Andrew Tyrie MP, Chairman of the Treasury Committee, has written to Rt Hon. Philip Hammond MP, Chancellor of the Exchequer, about cybersecurity in the financial services sector. Commenting on the correspondence, Mr Tyrie said: “The lines of responsibility and accountability for reducing cyber threats remain opaque.
“The Chancellor has said that both a Director-level group and a “governance framework” provide a single point to address cyber issues in the finance sector. But who is in charge? Is it the Director or does the framework take precedence? Who is he or she? A headless framework scarcely inspires confidence.
“That sounds perilously resonant of the catastrophically inadequate and headless Tripartite authorities, supposedly set up to monitor system risk in banking in 1997.
“The problem with such committees and frameworks is that all too often they only get the attention they deserve after a crisis - when it’s too late. This must not be permitted to happen in the case of financial cyber risk.
“It is essential that the intelligence community, regulators and wider Government are coordinated in making sure that financial cyber crime has a high priority, and is not subordinate to other work.
“Such a lack of coordination will inevitably lead to greater opportunities for criminals to exploit vulnerabilities in the banking industry’s IT systems. They are already under frequent attack.
“A single point of responsibility for cyber risk in the financial services sector - with a direct line of accountability to a single official, in turn accountable to a single minister, such as the Chancellor - is now required.”