QA Financial Forum London | 11 September 2024 | BOOK TICKETS
Close this search box.

Revolut Tackles Cyber Risk By Hiring Hackers to Spot Vulnerabilities


Recognising the growing threat of cyber attacks, challenger bank Revolut is enlisting a team of hackers to bolster its defences. The start-up is looking to recruit five experts to attempt hacking into its IT system, hoping that they’ll uncover and help fix vulnerabilities in the process. The team will also monitor Revolut’s security operations and trawl the dark web for potential threats, according to CIO Paul Hefferman, speaking for the Press Association. “One of the responsibilities of this team is to come in and just hack all of our own systems for us,” he said.“They will actually be continually testing our security and hacking into our own systems for us and using that knowledge to keep us secure.” “The majority of those people will be in the security operations function and then we are going have some people that work in the threat analysis area, so they will be looking on the dark web and looking at different parts of the internet to identify issues.” The roles are expected to be filled in the next two to three months, by a mix of experienced professionals and new graduates. This will build out Revolut’s cyber function, which currently consists of Mr Hefferman, who was brought in last September to build a dedicated team. The CIO said he is aiming to take advantage of the fact that Revolut does not have to deal with legacy IT infrastructure that burdens high street banks. Revolut’s cybersecurity efforts make sense amid a backdrop of increasing cyber threats and regulatory scrutiny. In November 2018, the UK Financial Conduct Authority published the findings of its cross-sector survey on cyber and technology resilience. The survey noted that, while most UK firms cite cyber resilience as their top technology concern, visibility at the board level was low and “nearly 80% of respondents struggle to maintain a view of what information they hold” and of the third parties interacting with that data.