Are you winning the fight against cybercrime?


An estimated 1,000 cyber attacks now take place every hour in the UK. It’s time to get smart about your digital security.

Cybersecurity ImageNew technology and tools, such as smartphones, give banks and companies the opportunity to interact more readily with their customers and provide greater convenience than ever before. However, such developments also present companies with new risks and challenges to protect their business and their customers.

While cyber attacks are often motivated by financial gain, others are purely malicious. They may defraud customers, prevent customers from logging into online accounts or test the defences of a company’s own IT systems – sometimes as a prelude to more serious attacks. Professional fraudsters are using ever more sophisticated techniques; we need to be just as sophisticated in our response.

Striking the right balance

In order to mitigate risks, companies have to maintain a delicate balance. On the one hand, customers want the convenience of storing frequently used data on favourite websites, as well as making online and mobile payments quickly and easily. On the other, they expect companies to protect their data from misuse.

Companies therefore have to decide how best to protect themselves and their customers from digital fraud – while still providing the fast, convenient service that customers expect.

Stepping up your security

Fraudsters aim for easy targets and look to exploit obvious weak spots. While there are many different types of cyber attack, some universal security principles can help companies reduce their vulnerability to cybercrime. These measures include maintaining and testing up-to-date anti-virus software as well as enforcing sensible policies for password strength and protection.

Companies should also use physical security and tracking services to protect both servers and mobile hardware such as laptops. Robust rules should be in place to govern staff access to external sites, with penalties for non-compliance.

Beyond the more obvious measures, companies should stay aware of developments in their own sector and consider the following:

  • Recognise cybersecurity as an opportunity as well as a threat
    Companies that excel or innovate in this area may gain competitive advantage as customers want to feel robustly protected.

  • Establish your strategic response
    Put policies and practices in place to protect systems from attack and defend against human error including tested procedures to deal with both threats and, if necessary, breaches.

  • Invest in cybersecurity skills development
    Seek expert external support to fill any gaps.

  • Communicate regularly with customers about cybercrime
    Build awareness as the weakest point of any security measure is the user: you need to work together.

  • Be consistent across your business
    Customers expect a cohesive experience, and criminals can and will exploit any opportunities that an inconsistent approach leaves open.

How banks are helping

Banks are also working to protect not just themselves but also their customers. In recent years, banks have bolstered customer security by rolling out updated chip cards in the UK and chip-and-pin technology worldwide, as well as working with retailers to improve awareness of fraud risks.

In addition, banks have encouraged the use of fraud detection software and online verification tools such as Verified by Visa, as well as providing advice and information to companies and their customers regarding good security practice.

In a digital era, cybercrime poses ever greater risks to banks, businesses and the UK economy – it’s an ongoing battle and we must all take a frontline role in balancing the need for customer convenience against the need for robust security measures. Therefore it’s vital you have a robust digital fraud strategy in place, which is embedded within the culture of your business.

Ramping up regulations

Regulators are constantly introducing new rules and better guidelines designed to combat cybercrime, as well as enforcing existing laws more strictly. Key areas of regulation include data protection – companies storing customer data in digital form are subject to UK and EU data protection laws – as well as mobile banking and payments.

For example, the Financial Conduct Authority (FCA) is encouraging banks and mobile payments providers to focus on security and consumer protection. At a European level, the European Central Bank’s PSD2 framework for internet payment security is currently undergoing review and will become part of UK law.

Meanwhile, the Bank of England’s CBEST vulnerability testing framework uses intelligence from government and accredited commercial providers to identify potential attackers to a particular financial institution. It then tests the extent to which such attackers may be successful in penetrating the institution’s defences, allowing a firm to understand and address its vulnerabilities.

Useful links

Back to Gameplan

Back to top

Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.

Lloyds Bank plc Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Telephone: 0207 626 1500.

Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under Registration Number 119278.

We subscribe to The Lending Code; copies of the Code can be obtained from

Eligible deposits with us are protected by the Financial Services Compensation Scheme (FSCS). We are covered by the Financial Ombudsman Service (FOS). Please note that due to FSCS and FOS eligibility criteria not all Business customers will be covered.

Lloyds Banking Group includes companies using brands including Lloyds Bank, Halifax and Bank of Scotland and their associated companies. More information on Lloyds Banking Group can be found at