Andrew Tyrie, the chair of the Treasury committee, has challenged the Chancellor about arrangements to ensure cybersecurity in the financial services sector, which he describes as ‘opaque’ and ‘a headless framework’, warning these are potentially inadequate in tackling the risks facing the banking system
Tyrie is calling for the creation of a watchdog with a single point of responsibility for financial cyber crime, and argues in a letter to Philip Hammond that the current approach is too fragmented.
Tyrie said: ‘It is essential that the intelligence community, regulators and wider government are coordinated in making sure that financial cyber crime has a high priority, and is not subordinate to other work.
‘Such a lack of coordination will inevitably lead to greater opportunities for criminals to exploit vulnerabilities in the banking industry's IT systems. They are already under frequent attack.
‘A single point of responsibility for cyber risk in the financial services sector – with a direct line of accountability to a single official, in turn accountable to a single minister, such as the chancellor – is now required.’
The letter follows on from earlier correspondence in which Hammond informed Tyrie that responsibility for cyber issues in the finance area rests with a director-level group chaired by the Treasury, co-ordinating with the financial authorities and other government agencies.
Tyrie said: ‘The lines of responsibility and accountability for reducing cyber threats remain opaque. ‘The Chancellor has said that both a director-level group and a “governance framework” provide a single point to address cyber issues in the finance sector. But who is in charge? Is it the director or does the framework take precedence? Who is he or she? A headless framework scarcely inspires confidence.’
The select committee chair went on to warn that the arrangements sounded ‘perilously resonant of the catastrophically inadequate and headless Tripartite authorities, supposedly set up to monitor system risk in banking in 1997.’
‘The problem with such committees and frameworks is that all too often they only get the attention they deserve after a crisis – when it’s too late. This must not be permitted to happen in the case of financial cyber risk,’ Tyrie said.
Tyrie’s letter to the Chancellor is here.