LONDON — For Ian Stuart, CEO of HSBC UK, the growing frequency and sophistication of cyberattacks is not just a corporate threat—it’s a personal one. “It does worry me—we can be attacked, and we are being attacked all the time,” Stuart told MPs during a Commons Treasury Committee session on May 20, 2025. The gravity of the issue has elevated cybersecurity to the top of the agenda at HSBC, one of the UK’s largest banking groups.
Stuart said his team is spending hundreds of millions of pounds annually to bolster IT infrastructure against ever-evolving threats.
“The defence mechanisms you put in are absolutely critical,” he noted, describing the effort as both costly and urgent.
Banking Sector on High Alert Amid Relentless Attacks
The wake-up call, however, isn’t limited to HSBC. In recent months, major retailers such as Marks & Spencer and Co-op have suffered disruptive attacks, and a Barclays outage on January payday left 1.2 million customers affected. An investigation revealed that the UK’s top banks have collectively suffered at least 803 hours—roughly 33 days—of tech outages over the past two years, due in part to cyberattacks and IT failures.
Lisa Forte, co-founder of Red Goat Cyber Security, validated Stuart’s concern.
“Cyber-attacks are increasing in both number and severity,” she said. “It’s no longer a question of if businesses will be targeted, but when.”
Prof. Oli Buckley, a cybersecurity expert from Loughborough University, called the financial sector’s challenges “relentless” and emphasized the ripple effect such breaches can have. “It goes beyond just protecting customer data. A breach doesn’t just risk individual accounts; it can ripple through markets, reputations, public confidence, and beyond.”
Digital Defence: Billions at Stake, and Reputations on the Line
With the UK banking sector processing thousands of digital transactions per second, the stakes couldn’t be higher. Stuart revealed that HSBC alone manages 1,000 payments per second and executes 8,000 IT changes weekly—numbers that underscore both scale and vulnerability.
In response, banks are aggressively fortifying defences, including automation of threat detection, tighter vendor management, and red-teaming simulations. But even these efforts may fall short in the face of increasingly sophisticated hackers using ransomware, phishing-as-a-service kits, and state-sponsored tools.
Meanwhile, the cost of failure is stark: Barclays, already under scrutiny for January’s outage, could face compensation liabilities exceeding £12.5 million. The growing perception that even top-tier banks are under siege has alarmed not just industry insiders, but regulators and MPs as well.
As Ian Stuart summed up grimly: “It’s about maintaining trust in the entire financial system. We’re no longer fighting lone wolves—we’re confronting a global cyber threat landscape that’s getting more dangerous by the day.”