The attack begins with confusion. Traders, accustomed to shouting themselves hoarse about prices and interest rates, begin barking instead that transactions are taking forever to complete. Emails asking for help go unanswered, partly because the system’s down, partly because Bob in IT is more concerned about the wiper malware that seems to be rampaging through the institution’s databases than the integrity of the grain derivatives market. Within hours, swathes of data on loan agreements, hedging models, current account balances and other, more arcane parcels of financial information are lost – and the boardroom is left hoping, praying that even just a fragment of these records exist somewhere, anywhere, on paper.
This is the waking nightmare of IT security professionals in the financial sector: the idea that a major bank can be brought to the brink of collapse by a well-planned cyberattack. Fleshing out the consequences of such a disaster has mainly been the province of film and television writers – see series two through four of Mr Robot – but now central banks have lately got in on the act. Last autumn, the
