HSBC cyber attacks make cybersecurity banks biggest expense

Ian Stuart, the chief executive of HSBC UK, has revealed that the bank faces relentless cyber-attacks, making cybersecurity its largest expenditure. He informed MPs during a Treasury select committee hearing that the bank invests hundreds of millions of pounds to safeguard its systems against hackers, as the risk of cybercrime continues to escalate.

During his testimony, Stuart emphasised that defending against constant online attacks is critical, especially as customers increasingly rely on digital banking services. He stated, “The amount of money banks spend on our systems is enormous today – and it has to be. This is our biggest expense in business.”

Stuart explained that HSBC’s systems process an astonishing 1,000 payments every second while undergoing around 8,000 IT system updates each week. Despite these efforts, he admitted that no financial institution can guarantee uninterrupted service. The focus, he noted, is on recovery speed and minimising downtime when disruptions occur.

Banks across the UK have come under scrutiny due to cybersecurity concerns and technical outages. For example, an IT failure at Barclays earlier this year affected over half of all online payments during a crucial payday period, leaving customers frustrated. According to Barclays UK chief executive Vim Maru, the problem stemmed from third-party software, which has since been fixed. Maru apologised for the disruption and outlined steps being taken to prevent such incidents in the future.

Retailers including Marks & Spencer and the Co-op have also faced significant cyber-attacks in recent months. M&S suffered a month-long disruption after hackers targeted its IT systems over Easter. The attack caused notable impacts, including empty store shelves and disruptions to online operations. Experts report an increasing frequency of aggressive attacks aimed at both retail and banking sectors worldwide.

Given the dependence of modern banking on digital technology, Stuart stressed the importance of robust defence mechanisms, stating, “Our customers rely on us 24/7.” Banks continue to invest extensively to ensure their systems can withstand these ongoing threats and recover swiftly when attacked.