How secure are the UK’s high street banks?

Financial risk has always been prevalent, and in recent years, concerns around cyber security have also increased, meaning that when these two areas are combined, the risks can be huge.

 

But just how seriously are banks taking cyber security?

 

According to a recent report from Xiphos Research, the websites of many of the UK’s high street banks are not as secure as they could be, placing customers’ sensitive data in a position of serious risk.

 

In particular, the research focused on the security of banks’ Secure Sockets Layer (SSL) certificates. These are the pieces of technology responsible for creating an encrypted link between a server and a web browser while making sure that all of the data passed from the server to the browser is safe, private and legal.

How secure are banks’ websites?

Xiphos found that more than half of the UK’s banks and building societies have weak SSL implementations, meaning they are compromising the security of their customers’ data. If this became common knowledge, the reputational and even legal consequences could be potentially irreversible.

 

The research involved the examination of 84 SSL connections in total, finding that 50 per cent of those belonging to UK-owned retail banks were insecure, as were more than three-quarters (79 per cent) of those owned by foreign parties.

 

In addition, Xiphos’ research involved 37 British building societies, finding that over half (51 per cent) had insecure SSL instances.

 

Overall, 14 per cent of the server-browser connections analysed by the organisation received the worst possible score, indicating that the level of security they provide to customers’ data is nowhere near adequate.

 

Xiphos’ report also led to the discovery that 4.7 per cent of SSL connections were at significant risk of being hacked. However, this figure is likely to be much higher, as any weak SSL is open to cyber attack.

 

What’s more, this research only focused on the customer-facing websites of banks and building societies, meaning the actual risk profile of banks could be much higher, as this does not take into account their internal functions as well.

How can banks improve their security levels?

Aside from implementing improved SSL connections to keep their customers’ data as safe as possible, how else can the UK’s banking organisations increase the security of their operations?

 

Cyber security is more important than ever before, and if banks do not have experts in this field on their books, they are not only putting consumer data at risk, but also preventing their own progress.

 

Such specialists are in high demand at the moment, as businesses ranging from SMEs to international banks step up their cyber security efforts in light of the increasingly high-profile nature of hacks and other breaches.

 

Finance is arguably one of the most important sectors where IT security needs to be a top priority, so individuals with expertise in this area may be set to experience an increase in demand for their services as a result.

 

Our Market Reports combine our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.