The boss of one of the UK’s largest banks has said that the threat of cyber-attacks "keeps me awake at night."
Ian Stuart, CEO of HSBC UK, stated that cyber-security is "top of the agenda" for his banking group and that addressing IT vulnerabilities represents a huge expense for the entire sector.
He added, "It does worry me. We can be attacked and we are being attacked all the time."
Mr. Stuart and other bank leaders recently spoke to the Commons Treasury Committee, which has been gathering evidence on various industry issues, including vulnerability to outages and cyber-attacks. In March, it was revealed that nine major banks and building societies operating in the UK experienced at least 803 hours, or 33 days, of technology outages over the past two years.
Recently, retailers Co-op and Marks and Spencer suffered significant disruption due to hacking incidents.
Lisa Forte from the cyber-security firm Red Goat told BBC News that Mr. Stuart had made a very important point.
"Cyber-attacks are increasing in both number and severity," she said.
"Criminals are becoming more efficient at monetizing attacks and we have now reached a point where it is not a question of if, but when businesses will experience an attack."
Defence measures
Mr. Stuart explained that his banking group is investing hundreds of millions of pounds to upgrade its IT systems.
"I believe the amount of money banks, including ours, will invest in our systems is enormous," he said.
"The defence mechanisms put in place are absolutely critical."
He added that across his group, they process 1,000 payments every second while making 8,000 IT changes and updates each week.
Professor Oli Buckley, a cyber-security expert at Loughborough University, described cyber-attacks on financial institutions as "relentless" and "increasingly sophisticated."
"Ian Stuart is right to emphasize cyber-security as a major concern for the banking sector. However, recent incidents in the retail sector remind us that these attacks can affect every industry," he said.
"It is not only about protecting customer data but also about maintaining trust in the entire financial system. A breach risks more than individual accounts; it can have far-reaching effects on markets, reputations, and public confidence."
Several other banks, including Barclays, Lloyds, Nationwide, Santander, NatWest, Danske Bank, Bank of Ireland, and Allied Irish Bank, have also provided information to the committee.
Between January 2023 and February 2025, these banks reported 158 IT failures.
Barclays CEO Vim Maru addressed the committee regarding an outage at Barclays that occurred on January pay day for many customers.
The outage caused serious IT problems affecting online banking for several days, preventing some people from moving home, and could result in the bank facing compensation payments totaling £12.5 million, according to a report.
Mr. Maru apologized to customers and said he was "deeply sorry for the disruption." He confirmed there was no evidence the outage was caused by a cyber-attack or malicious activity.
Following the Barclays incident, about 1.2 million people in the UK were impacted by further banking outages in February.
These problems affected Lloyds, TSB, Nationwide, and HSBC.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
