The skill is, how quickly can you recover?

“It does worry me – we can be attacked all the time.” Ian Stuart, the boss of HSBC UK.

Stuart said that, at a group level, HSBC alone processed 1,000 payments a second. He said no bank would be able to guarantee that its services could stay online all the time. “So the skill is, how quickly can you recover?”

The Coop seems to have recovered, yet M&S is still on the floor and £300m poorer.

Stuart said cyber-security was “top of the agenda” for his banking group, and dealing with IT vulnerabilities was an “enormous” expense for the sector as a whole

The banks seem to focus their blame on external cyber attackers, yet M&S and the Coop were mistakenly aided from within.

Are HSBC really ignoring the internal perspectives?

Ian Stuart

CEO HSBC

Dear Ian,

Most cyber and information security breaches are facilitated within—through trusted individuals or suppliers. Often, these are well-meaning people who inadvertently disclose too much information or are deceived into doing so.

I urge you to ask your teams to identify the most valuable information assets that are at the greatest risk. Once identified, ensure that robust protection measures are put in place to safeguard them, including people policies and governance.

It is of little use to ask, after an incident, what jewels were taken—especially if you didn’t even realise you owned a rare diamond, let alone understood its value.

Kind regards,

John