Even then, the central bank chief said monetary authorities are not letting up on efforts to improve industry vigilance. “We are not seeing or we are not in the seat of serious [attacks],” Espenilla told reporters.
Last June, the Bank of the Bank of the Philippine Islands (BPI) had to take down its electronic banking channels after a system glitch — later attributed to human error — resulted in account mispostings.
A few days later, Security Bank reported transaction posting delays, which prompted the lender to extend banking hours.
Then, Banco de Oro followed when clients were hit by skimming attacks and the bank admitted that some of its automated teller machines had been “compromised”.
“[E]very day banks, even the BSP, are being attacked. But it’s also reflective of the quality of cybersecurity that these [attacks] are now being routinely repelled,” Espenilla said.
But then, Espenilla said monetary authorities could not be too cautious given the rising sophistication of cyberattacks. “That is why we always raise the level of vigilance of the whole industry,” he said.
BSP will soon issue regulations to clarify expectations on the role of banks’ boards and senior management with regard to security risk management, he said.
“This one actually strengthens the message that the board … should pay attention to cybersecurity because in our observation … [this] is left to the attention of technologists or [those] lower in the organization,” he said.
As cybersecurity is normally not embraced as part of a bank’s business strategy, Espenilla pointed out that management may not invest enough resources in this area.