Actu
Comment: Bank of England Reverses Vulnerability Disclosure Rule
November 2024 by Sylvain Cortes, VP Strategy at Hackuity
News has emerged the Bank of England (BoE) has reversed plans in a policy statement to require third-party companies to disclose “unremedied” vulnerabilities, acknowledging that such disclosures could inadvertently expose the UK’s financial system to cyber threats.
Initially aimed at enhancing resilience, the rule faced criticism for potentially increasing risks rather than reducing them.
Sylvain Cortes, VP Strategy, Hackuity
“Transparency is key to collaborative efforts in combatting cybercrime, however publicising vulnerabilities too early could increase the risk of financial cyber attacks by providing threat actors with a clear map to exploit weak points.
A coordinated disclosure process on the other hand allows third parties time to manage and patch vulnerabilities ahead of public disclosure.
It only takes one exploited vulnerability, in one third-party, to compromise the security of multiple financial services. From operational disruption to significant financial loss, the potential damage of disclosing vulnerabilities too early could ripple through the sector.”
