HSBC boss says cyber attack threat keeps him ‘awake at night’

The head of HSBC UK, Ian Stuart, has expressed serious concerns about the increasing threat of cyberattacks, stating that the issue “keeps me awake at night.”

Speaking during a session with the UK’s Commons Treasury Committee, Stuart emphasized that cybersecurity is a “top of the agenda” priority for the banking group as he acknowledged the “enormous” costs the financial sector faces in addressing IT vulnerabilities.

His concerns are amplified by recent cyberattacks on retailers like Co-op and Marks & Spencer, which have caused significant disruptions.

Lisa Forte, a cybersecurity expert from Red Goat, underscored the severity of the threat, telling BBC News: “Cyber attacks are increasing in both number and severity. Criminals are monetising attacks more efficiently and we are at a point now where it is very much when, not if, businesses will experience an attack.”

In response to this escalating threat, Stuart revealed that HSBC is investing hundreds of millions of pounds to enhance its IT systems and defences. “I think the amount of money banks – all of us – will be putting into our systems is enormous,” he said, adding that “the defence mechanisms you put in are absolutely critical.” He also noted the scale of HSBC’s operations, with the bank processing 1,000 payments per second and implementing 8,000 IT changes and updates weekly.

The Commons Treasury Committee has also received information from other major UK banks, including Barclays, Lloyds, Nationwide, Santander, NatWest, Danske Bank, Bank of Ireland, and Allied Irish Bank. These banks reported a total of 158 IT failures between January 2023 and February 2024.

Vim Maru, CEO of Barclays, addressed the committee regarding a significant outage at the end of January that coincided with payday and HMRC Self Assessment returns deadline, causing widespread disruption and potentially leading to compensation payments of £12.5 million. Maru apologized for the incident, attributing it to IT problems but not to a cyberattack.

Following the Barclays incident, approximately 1.2 million people in the UK experienced further banking outages in February, affecting services at Lloyds, TSB, Nationwide, and HSBC.