The Bank of England has revealed that several of the UK's banks have been hit by cyber attacks in the last six months, which have led to the institutions making financial losses.
In its Financial Stability Report, the bank said that the cyber assaults unearthed vulnerabilities in many of the banks' infrastructures, disrupting some services.
Further reading UK FTSE 350 firms not considering cyber risks – Government Cyber attacks – up close and personal A third of SMBs unaware they've been cyber attack victims
"Cyber attack has continued to threaten to disrupt the financial system. In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services," the report states.
"While losses have been small relative to UK banks' operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions," it added.
The Bank of England's special resolution unit's head of resilience, John Milne told delegates at Infosecurity Europe 2013 that organisations, particularly retail banks, are victims of cyber attacks because they lack recovery plans for "doomsday scenarios".
"Last year RBS' IT problems affected 17 million customers, but that didn't figure anywhere in RBS' scenario planning [at the time] or indeed in other big retail banks," he said.
The Bank of England's report said that the financial system is susceptible to cyber attacks as it has a "high degree of interconnectedness, reliance on centralised market infrastructure and sometimes complex legacy IT systems".
In a bid to combat this threat, the Financial Policy Committee (FPC) has been working on improving awareness, and warning firms of the need to strengthen their online capabilities.
Last month, it ordered banks and infrastructure providers to come up with "concrete plans" by the end of the first quarter of 2014 to toughen up their cyber defences, with a progress report to be handed to the FPC at the end of 2013.
UK banks have since taken part in a one-day, extensive cyber threat exercise dubbed Operation Waking Shark 2, run by the Bank of England. This aimed to test the ability of the financial system to withstand a major cyber attack and focused on investment banking operations, the cash machine network, a potential liquidity squeeze and the likely fallout across social media.