4 hours ago
2
The boss of HSBC’s UK arm has said the bank is “being attacked all the time” by online criminals, with cybersecurity now its biggest expense, costing the lender hundreds of millions of pounds.
Ian Stuart sought to reassure MPs that cybersecurity was “very much at the top of our agenda”, amid growing concerns that other large businesses could fall victim to the kind of attacks that have caused chaos at retailers such as Marks & Spencer and the Co-op.
M&S has been struggling for almost a month since its IT systems were targeted over the Easter weekend, with the attack hitting its online operations and leaving some store shelves empty.
“It does worry me … We are being attacked all the time, so the defence mechanisms that you put in are absolutely critical,” Stuart told the House of Commons Treasury committee on Tuesday. That involved “investing hundreds of millions of pounds”, he said. “This is our biggest expense in business.”
“The amount of money [that] banks, all of us, will be spending on our systems is enormous today – and it has to be. It has to be because our customers rely on digital technology all the time,” Stuart said.
The need to keep a bank’s systems operating seamlessly – 24 hours a day, seven days a week – has increased since bosses started increasing the pace of branch closures and pushing more customers into using digital apps and online banking.
Stuart said that, at a group level, HSBC alone processed 1,000 payments a second. Meanwhile, the bank was making about 8,000 changes to its IT systems every week. He said no bank would be able to guarantee that its services could stay online all the time. “So the skill is, how quickly can you recover?”
Banks’ IT systems have come under increased scrutiny in recent months, with customers at Britain’s largest banks and building societies having suffered the equivalent of more than one month of IT failures between January 2023 and February 2025.
Those figures did not include the full impact of an outage at Barclays that started at the end of January and affected 56% of online payments during the crucial payday period for many employees. There has been further disruption at Barclays since then.
after newsletter promotion
Speaking to MPs on Tuesday, the chief executive of Barclays’ UK operations, Vim Maru, said the problems had been caused by software made by an external company.
“A software issue was the root cause, and we worked with a third-party provider that provides us with that software. We’ve learned the lessons around that. We’ve put a fix in place that means that we won’t have a recurrence. And then, looking forward, there’s a further enhancement that we’re making, which is in the middle of implementation,” Maru said.
The Barclays boss again apologised to customers affected. “We’re deeply sorry for the disruption that our technical issue on the 31st of January caused for our customers. We’ve clearly worked very hard to recover from that and make sure that we put the right steps in place,” he said.
