The latest business continuity news from around the world

Barclays defence of its IT shutdowns highlights wider limitations surrounding how outages and incidents are reported

Peter Groucutt, managing director of Databarracks, comments on the BBC’s recent analysis of IT outages and incidents for major high-street banks.

Since August 2018, the UK FCA has required banks to supply information about current account services to help consumers and small businesses make comparisons. This month, for the first time the data included the number of IT-related shutdowns, over the previous nine months.

Analysis of the data undertaken by the BBC revealed that most major high-street banks suffered more than ten shutdowns between April and December 2018. Barclays was singled out as the worst performer with 41 incidents over the nine months. In response, the bank said: "We take IT resilience extremely seriously and we welcome transparency for our customers which is why we report every incident to the regulator, even minor glitches that have minimal impact on customers."

Barclays’ response might sound a little defensive, but it does highlight the limitation of how these incidents are reported. Are all outages equal? For example, does TSB’s prolonged outage from its systems upgrade count as just one incident? If so, that makes it difficult to compare performance between banks.

The FCA has to strike the balance between the demands on the banks to produce this data and the value it adds. In future reporting my recommendation would be to add:

  • Length of outage - the duration of the incident;
  • Severity of issue - from minor degraded performance of systems causing delays to complete outages with systems unavailable; 
  • Number of users/customers affected - to distinguish between incidents that only affect a small number of customers and major incidents that affect all (or a high proportion of) customers.

For the small amount of effort, it would take to produce this data, the benefit to consumers is high and it would be equally valuable for the FCA to keep track of IT outages for the industry. Lastly, I would also suggest reporting the cause of the issue, which could be taken from a small number of broad categories such as ‘cyber incident’, ‘systems upgrade’ or ‘human error’.

In the original discussion paper published by the FCA it stated, “customers considered that frequent unplanned interruptions may be a sign of poor investment in the resilience of systems and security.” By tracking the cause of the issues, we can find trends across the industry as well as highlight particular issues for each bank.

www.databarracks.com



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.