Creaking IT systems pose a serious threat to Irish banks, which could fold “like a house of cards” with a serious cyber-attack, a cybersecurity expert has warned.
Ronan Murphy, chief executive of Cork company, Smarttech247, said the lack of investment in IT by the major banks, since 2008, poses a major challenge for the years ahead.
Central Bank governor, Philip Lane, has acknowledged that many banks’ IT systems are substandard, saying they became less of a focus following the financial crash. Most banks say they are now investing in modern IT systems, but Mr Murphy said the come-from-behind policy was still troubled.
“The legacy issues of the banking IT system mean it only needs something very small to go wrong before it turns into a major issue. It is much more difficult to be safe from cyber-attacks with such systems.
“On top of that, there is a huge skills shortage across the industry, with 2.2m staff needed by 2020 globally in the industry. Banks are going to have a difficult time finding the right talent. It is a major challenge, but it needs to be taken very seriously.” he said.
Mr Murphy’s warning comes as the Bank of England and the UK’s Financial Conduct Authority ordered firms to come up with a detailed plan for restoring services such as payments, lending, and insurance after a disruption, and to invest in the staff and technology to do so. The plan should include time limits on how long an outage could last.
“Boards and senior management should assume that individual systems and processes that support business services will be disrupted, and increase the focus on back-up plans, responses, and recovery options,” the Bank of England and the FCA said.
The discussion paper is part of the UK regulators’ effort to bolster the resilience of financial firms, in response to a rising number of operational failures. The focus is on ensuring continuity of business services that are essential for the economy. The UK watchdogs said firms should also be ready for disruptions caused by failed outsourcing and technological breakdowns.
The Bank of England has said it will stress-test banks’ recovery times in “severe, but plausible” scenarios and firms that fail will have to come up with fixes and get them approved by the supervisor.