HSBC’s UK Division Highlights Cybersecurity Concerns
Ian Stuart, head of HSBC’s UK division, expressed that banks are under constant threat from online criminals, noting that cybersecurity has become their largest expense, costing them hundreds of millions of pounds.
In a recent address to the House Treasury Committee, he aimed to calm concerns by emphasizing that cybersecurity remains a top priority. This comes as large companies, including retailers like Marks & Spencer and Co-op, have faced significant attacks.
Marks & Spencer has been struggling for nearly a month since an attack targeted its IT systems over the Easter weekend, disrupting online operations and leading to empty shelves in several locations.
Stuart voiced his worries, stating, “We are constantly being attacked, so the defense mechanisms we implement are crucial.” He elaborated that this requires substantial investment, mentioning that it constitutes the bank’s highest expense.
He mentioned, “The amount of money” banks must spend is essential since customers increasingly depend on digital technologies. The push for seamless banking operations—available 24/7—has become even more pronounced as branches continue to close and more customers shift to digital platforms.
On a larger scale, HSBC processes around 1,000 payments per second and alters approximately 8,000 IT systems weekly. However, Stuart cautioned that the bank cannot always guarantee uninterrupted service, adding, “The skill lies in how quickly we can recover.”
In recent months, bank IT systems have seen a surge in scrutiny, with significant outages reported in the UK’s largest banks and building societies equivalent to more than a month of total disruption between January 2023 and February 2025.
Notably, these statistics do not account for the issues experienced by Barclays at the end of January, which affected 56% of online payments during a critical payday period for countless employees, adding to the confusion that has followed.
During the same session, Vim Maru, CEO of Barclays’ UK operations, indicated that the problems stemmed from software developed by external vendors. He stated, “Software issues were the root cause, and we collaborated with these third-party providers. We’ve learned from this to prevent recurrence.”
Maru also reiterated his apologies to affected customers, acknowledging, “We are truly sorry for the confusion caused by the technological difficulties on January 31st. We are diligently working to resolve the situation and ensuring we take the appropriate measures.”
