Customers of UK bank TSB suffered almost a month of disruption after an IT systems upgrade caused a major service outage in April, one of the worst IT problems to hit Britain’s banking sector in years.
On the evening of Friday 20 April, TSB began to move five million customers and their 1.3 billion of records from an IT platform operated by its former owner Lloyds Bank to a system managed by Sabadell. However, soon after the new system was switched on during Sunday evening, customers reported service disruption.
Unable to quickly resolve the problem, TSB called in IT specialists from IBM. It also appointed accountancy firm Deloitte to devise a system to compensate customers, having told account holders that they will not be left out of pocket. TSB also waived banking fees and increased interest on current accounts to appease customers.
However, four weeks after the initial outage, customers were still reporting problems making payments and reduced access to accounts, while callers to TSB’s telephone helpline had to endure long waits.
Former TSB board member Philip Augur told the BBC that “human error, pride and software failure” had led to the IT disaster. Mr Augur, now a consultant, said that TSB “clearly underestimated the gravity of this in the early days”.
COUNTING THE COST
The bank has yet to say how much the incident will cost, but media reports suggest that the bank faces a potential multi-million pound compensation bill and regulatory fines. Both the banking regulator, the Financial Conduct Authority, and the UK’s data protection agency, the Information Commissioner’s Office, are looking into the IT meltdown.
Computer system problems at RBS in 2012 resulted in a fine of GBP 56 million by regulators, having already paid some GBP 125 million in related compensation and costs. The TSB failure involves fewer customers than RBS, but it is still expected to be costly. The cost of suspending overdraft fees alone is estimated at GBP 10 million, while TSB’s offer to pay increased interest to customers could cost as much as GBP 30 million per year.
TSB joins a growing list of high profile companies suffering reputational and financial damage from IT system outages. The airline industry suffered a spate of IT system outages, including British Airways
2017 outage which cost the airline GBP 58 million, while a router failure caused widespread disruption for Southwest Airlines in 2017.
The failure of system upgrades is a major cause of outages and has been a particular issue for the airline, telecommunications and banking industries. In 2016, UK bank HSBC was affected by a series of outages after a scheduled upgrade failed to complete properly, while the New York Stock Exchange had to suspend trading for four hours in 2015 after a technology upgrade failed. UK insurer Aviva’s online pensions platform crashed earlier this year following migration to a platform operated by a fintech service provider.
A service upgrade also left Vodafone customers in Qatar last year without mobile phone coverage. This year, a firmware update caused disruption for Virgin broadband business clients.
With increased reliance on technology, organisations and insurers are looking at cyber risk in the broader technology context, and not just in terms of data breaches. In response, cyber insurers have broadened cover in recent years to include a wider range of technology risks, including broad non-damage interruption covers like systems failure.
Outages, including those caused by failed upgrades, are insurable under standalone cyber insurance. Systems failure coverage is readily available in the insurance market and on broad terms with meaningful limits.
Download Cyber Decoder Newsletter
For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on firstname.lastname@example.org