Cybersecurity in 2025 – 8,000 Updates a Week and 33 Days of Downtime
Ian Stuart, head of the British division of HSBC, admitted that the threat of cyberattacks is so severe it keeps him awake at night. He stated that cybersecurity is now the top priority, and protecting against vulnerabilities costs the banking sector enormous sums. He emphasized that attacks are constant, and the problem is no longer hypothetical.
Along with other bank executives, Stuart spoke before the UK Treasury Committee, which is analyzing the financial sector's vulnerability to disruptions and cyberattacks. The discussion gained urgency after it was revealed that over the past two years, nine of the UK’s largest banks and building societies experienced at least 803 hours of technological outages—equivalent to over 33 days of continuous downtime.
The situation has been further exacerbated by recent attacks on retailers. Disruptions at Co-op and Marks & Spencer* were the result of targeted cyberattacks, confirming that threats now extend far beyond the financial sector. Cybersecurity expert Lisa Forte from Red Goat noted that Stuart’s remarks highlight a critical turning point—attacks are not just more frequent but also more effective and aggressive. She stressed that the focus is no longer on the possibility of an attack but its inevitability.
In response to the growing threats, HSBC is investing hundreds of millions of pounds in IT infrastructure upgrades. Stuart pointed out that the bank processes up to a thousand payment transactions per second and implements around 8,000 technical updates weekly. He stressed that without robust security measures, such systems simply cannot function.
Professor Ollie Buckley from Loughborough University also believes the banking sector faces "relentless" pressure from increasingly sophisticated attacks. He warned that attacks on financial institutions threaten not only customer data but also trust in the entire financial system. Breaches or errors can trigger chain reactions affecting markets, corporate reputations, and user confidence.
According to the data presented, between January 2023 and February 2025, eight banks—including Barclays, Lloyds, Nationwide, Santander, NatWest, Danske Bank, Bank of Ireland, and Allied Irish Bank—reported 158 incidents related to technological failures.
A particular focus for lawmakers was a Barclays outage in January, when a major online banking failure coincided with payday for many Britons. The issues lasted several days, and the bank may face up to £12.5 million in compensation payouts. Barclays UK CEO Vim Maru apologized, clarifying that the incident was not caused by a cyberattack or malicious activity.
However, the problems didn’t end there—in February, similar disruptions affected over 1.2 million people nationwide, impacting Lloyds, TSB, Nationwide, and HSBC. These events underscore the immense challenges the banking industry faces in the digital age.
