I commend the Bank of England, specifically the Financial Policy Committee (FPC), for this great idea.
In the past few years, we’ve seen some focused and proactive security programs in the UK. Most notable are some of the contained DDoS mitigation campaigns that test banks’ readiness and business continuity planning exercises, where employees work remotely and the data center moves to recovery mode to ensure that the business still functions under disaster conditions.
Having a committee planning security controls, cyber attack response steps, and a high-level protection plan is an important initiative. This means that the different financial cyber security heads in the UK can join forces to strategically plan how to mitigate potential cyber threats. This is Threat Intelligence in its most simple and effective way.
This also means that the government will potentially have a way to regulate and measure the cyber security state based on an educated study of best practices, which will lead to businesses’ financial information and estates being secured in a much more focused way.
This is what the PCI DSS standard has done with credit card companies and clearing houses to lower the risk of a breach. It had an important effect in making sure that every business that wishes to keep credit card information or transact in high volumes is required to secure itself or be fined.
But regulatory mandates are not the only reason to see the relevance of this initiative. It shows that the big chiefs have come to a conclusion that the threat is real, growing, and is a risk for the UK financial industry.”