BoI concerned about rise in bank hacking
The central bank seeks to tighten the banks' procedures and extend reporting requirements for cybernetic incidents.
19 September 12 18:03,
The Bank of Israel is worried about bank hacking, or, as it is officially known, cybernetic risk. Last week, the Banking Supervision Department published a draft circular ordering the banks to increase their disclosure about cybernetic incidents and about the damage caused, and oversight measures.
"In recent years, the banks and credit card companies' dependence on computing technology has increased, with a consequent increase in information security risk, reflected in more frequent and serious cybernetic incidents," the Bank of Israel states.
The Bank of Israel says that cybernetic attacks are liable to result in the theft of financial assets, intellectual property, or other sensitive information about the bank or its customers. In addition, the recovery costs from such attacks are liable to be high, and banks are exposed to lawsuits and legal claims, as well as damage to their goodwill.
The draft circular states that, beginning from the financial reports for 2012, the banks will have to report a cybernetic incident, if it affects one of a bank's areas of business. Banks will also have to report material security risks, their consequences, how they are dealing with them, and the costs.
Banks will also have to detail risks related to cybernetic incidents if they are not identified for a long time, and they will have to list their insurance coverage for the incidents.
The Bank of Israel also demands that the banks should fully detail cybernetic incidents in their financial reports. This will affect, for example, software capitalization costs. If there has already been a cybernetic incident, the banks will have to make a write-down on assets, such as goodwill, hardware, and software, as well as recognizing the incentives given to customers to avoid losing them.
This is not the first time that the Bank of Israel has expressed its concerns about the effect of hacking on the banks. In its annual report, published in July, the Bank of Israel said, "Attempted cybernetic attacks on the banks' infrastructures are liable to have material consequences for the functioning of the bank. In extreme cases, this is liable to shut down the bank and damage its stability."
The main cybernetic incident occurred in early 2012, when Saudi hackers broke into Israeli sites, exposing hundreds of credit card numbers of Israeli customers.
Published by Globes [online], Israel business news - www.globes-online.com - on September 19, 2012