On February 15^th, internet security software giant Kaspersky Labs issued a report detailing how a global gang of cyber-attackers stole almost $1bn in two years, via infiltration of over 100 banks in 30 countries.

As cyber-attackers become more sophisticated, and the sums of money involved larger, many bank customers may ask themselves whether they could be hit. This guide helps you understand the ramifications of cyber-attacks, and offer some helpful tips for protecting yourself – and your money – from a cyber-attack.

What are the biggest cyber-attack threats?

In banking terms, perhaps the biggest threat facing the industry at present is a ‘zero day attack’.

A ‘zero day attack’ is a virus that has been developed for the express purpose of bypassing traditional banking security measures. As the virus is entirely new, it’s very difficult to erect defences to prevent it from accessing a bank’s records – and virtually impossible to spot before the damage is done.

Is my bank protected?

The British Banking Association estimates that the financial services industry collectively invests almost £800m annually in cybersecurity. Data for individual banks is currently unavailable.

However, banks have publicly entered into information-sharing agreements with each other, to assess common threats and vulnerabilities.

Is my bank going to do anything else to protect me?

In 2012, the Bank of England conducted an investigation into the ‘technology and cyber resilience’ of 36 major banks and financial institutions, and found no immediate shortcomings. Improvements were suggested, but the BoE was understandably reticent to discuss specifics.

However, the BOE has also invited financial institutions to enrol in a new, voluntary security examination, titled ‘Cbest’. ‘Cbest’ rigorously scans banks’ security systems to locate areas of susceptibility.

The British government has also announced that MI5 and GCHQ will conduct a series of ‘war games’, attacking big banks’ security systems and identifying areas of risk and weakness.

How can I tell if my bank has been cyber-attacked?

Unfortunately, banks are not obligated to inform their customers if they’ve fallen victim to a cyber-attack. Banks are only expected to notify customers who have been directly affected by an attack; even then, the full details may be withheld.

For instance, a common cyber-attack strategy is to withdraw very small amounts (say, £3) from a vast number of accounts. Affected customers may be informed that £3 was removed from their account by mistake, but the money returned, and the bogus withdrawal blamed on a technical fault.

How can I protect myself?

Alas, there’s nothing you can personally do to make your bank less vulnerable to cyber-attacks.

However, you should treat your own account information with extreme care. AGB Investigative offers cyber security services for you. Only in exceptional circumstances should you share your details with anyone. If you regularly make purchases online, only use sites you completely trust – and ensure your computer is equipped with adequate virus protections to prevent malware infecting your computer and recording personal information.

If you notice any unusual activity in your account, you should of course report it immediately.

What if my account is affected by a cyber-attack? Is there anything I can do?

Luckily, the Financial Conduct Authority’s guidance on cyber-attacks offers unambiguous –and robust – protection to those who are impacted.

In short, bank customers will not be held liable for financial transactions they have not authorised themselves. Customer deposits up to £85,000 are, in any event, protected by the Financial Services Compensation Scheme; any amount below that figure will be returned to you if it’s stolen from your account.

Furthermore, you may be entitled to compensation for any losses you have incurred, if your bank is found to have failed to take proper care of your personal information. The Authority also wields the ability to penalise your bank financially if the bank’s security systems and controls are judged to be inadequate for preventing or identifying online fraud.