Tesco breach highlights cyber security imperative

The recent security breach at Tesco Bank underscores the growing importance of the global cyber security complex.
November 8, 2016

Earlier this week, Tesco Bank was forced to temporarily suspend online transactions after fraudsters removed money from around 20,000 accounts. The breaches took place during the weekend, when the bank presumably had fewer staff in place to deal with the issue. Even though it appears the automated fraud detection systems passed muster, anxious customers were forced to wait hours to speak to bank representatives.

A security failure on this scale, even within the banking sector, isn’t as rare as one would hope, and it serves to highlight the wider issue of cyber security in the UK, particularly as it comes on the heels of other well-publicised breaches, most notably at mobile telephony group TalkTalk (TALK) in October 2015 and accounting and HR software specialist Sage (SGE) in August.

Last weekend’s incursion came barely a fortnight after UK consumer advocacy group Which? poured scorn on the country's high street banks for failing to adequately protect customers from online scams, highlighting Halifax, Lloyds Bank (LLOY) and Santander as among the worst offenders.

But the consumer champion isn’t the only critical voice. Cliff Moyce, global head of financial services at technology consultancy DataArt, believes financial services organisations often struggle to implement effective security systems “due to the preponderance of customer databases and the multitude of legacy systems handling and duplicating the data processing”.

He believes “banks are lagging the e-commerce and social network providers”, inadvertently giving rise to the ‘fintech’ revolution that could hasten the demise of the traditional high-street model. According to Mr Moyce, “a complete culture change” is needed, perhaps even one that entails “making executives personally liable for loss of customer data”.

The issue generated further column inches at the end of October when Michael Fallon, the UK defence secretary, revealed the government plans to invest another £265m to beef up the defence of the nation’s military cyber-systems under the new Cyber Vulnerability Investigations (CVI) programme. The announcement follows on from the £1.9bn commitment made under last year’s Strategic Defence and Security Review, and is another sign that the MoD is determined to shore up the UK’s defences against the threat of cyber-attacks.

Critics of state policy in this area would doubtless claim a meaningful response from Westminster was long overdue, but the security challenge isn’t the sole preserve of central government, even though global state spending in this area has increased at an average annual rate of 14.5 per cent over the past 10 years, outpacing all other governmental procurement programmes.

Much is made of the danger posed to critical state infrastructure and communications systems, as cyberspace provides a battleground for state-sponsored aggression through new forms of hybrid warfare. But it also provides an ideal conduit for the activities of terrorists and organised criminal gangs. The threat extends beyond that posed to national security and into the private commercial sphere, with the risk of industrial cyber espionage now acute across a range of high-tech industries.

These dangers, which are tipped to hit the growing number of internet-connected devices, are translating into exponential growth across the cyber security sector. In 2004, the global cyber security market was valued at $3.5bn (£2.82bn). By 2015 that figure had grown to $78bn, while the latest estimates for next year range from $120bn-$175bn. These growth rates are readily explicable when the scale of the problem is revealed. The latest quarterly research update published by Cybersecurity Ventures predicts annual cyber-crime costs will grow from $3 trillion in 2015 to $6 trillion annually by 2021.