When Amazon Web Services (AWS) went down on Monday, half the UK banking sector went with it. Millions of customers were locked out of apps. Others couldn’t pay their bills and, perhaps most terrifyingly, children couldn’t play Roblox.
If a single tech hiccup can knock Lloyds, Halifax, the Department for Work and Pensions, and the tax system offline, it begs the question: What happens when everything is connected, but nothing works?
When things go wrong
Let’s look at some of the most memorable times when technology failures and cyberattacks shook the financial world.
💳 UK payday meltdown (February 2025)
On 28 February 2025, a major IT outage disrupted online and mobile banking for thousands of customers across Lloyds, Halifax, Bank of Scotland, TSB, Nationwide, and First Direct. This is bad enough, but the outage occurred right before payday. Payments were delayed, apps crashed, and customers were locked out of their accounts. A truly hellish time to be working on payroll.
Even worse, it was the second month in a row that something like this happened, triggering concerns from MPs and the Treasury Committee, who demanded answers from the banks. The incident also highlighted growing discomfort with the UK's shift away from physical branches toward total digital dependency.
🏦 Bangladesh Bank heist (2016)
This was one of the biggest cyber bank thefts in history – it was Ocean's Eleven on Windows 10. In this version, hackers compromised Bangladesh Bank’s systems and submitted fraudulent SWIFT transfer requests, siphoning $101 million from its New York Fed account. The money vanished into casino fronts in the Philippines.
How did this happen? Well, a lack of multi-factor authentication, poor logging, and missing audit trails made it easy prey for these digital gangsters. It was accountants who traced what was left of the money, and what was lost due to weak controls.
💻 JPMorgan Chase data breach (2014)
JP Morgan Chase were left gasping for breath after hackers ran off with data from 83 million accounts in one of the largest breaches in financial history. The attackers gained access via a neglected server with no 2FA and squirrelled away for months.
Not only did Chase have to restate cybersecurity risk in its filings, but accountants had to value the breach costs, insurance payouts, and data liability exposure. Always picking up the pieces!
🔒 Capital One hack (2019)
In another story where AWS play a part, the Capital One hack centred around a former AWS employee who exploited a misconfigured firewall to steal data from over 100 million customers in the US and Canada.
Afterwards, accountants were left to measure and disclose the risk, estimate provisions, and support crisis investor relations. In the end, the breach cost Capital One $190 million in settlements alone.
🚢️ NotPetya attack (2017)
Not finance-specific, but Maersk, the global shipping giant, was brought to its knees by the NotPetya cyberattack in 2017. It had to reinstall 4,000 servers, 45,000 PCs and 2,500 apps – all in 10 days. The malware used stolen NSA tools and spread via Ukrainian tax software.
In the wake of the attack, cyber insurance, disruption provisions, and supply chain risk assessments all became audit points. Maersk estimated losses of $300 million. That’s three quarters of the losses attributed to the Suez Canal blockage in 2021.
What’s this got to do with me?
Cyber stuff might seem the responsibility of the IT department. You’re an accountant, you’re not meant to know what a DDoS is, or how infecting the master boot record to execute a payload that encrypts a hard drive's file system table can prevent Windows from booting, right? You’re just meant to not click attachments from emails with the subject line "Open This If You May Be So Kind”.
But, in an increasingly techy world, it’s harder to skate around with limited knowledge – especially as cyberthreats become a larger part of our risk assessments. Cyber risk isn’t just an IT problem, it’s a financial continuity problem, and that means it’s, unfortunately, our problem, too.
The danger of sprawling tech
Let’s play a game of "what if”:
- What if your cloud provider is breached?
- What if your SaaS accounting platform goes dark?
- What if a bug introduces phantom transactions?
So much of finance depends on a chain of systems that you don’t control, can’t audit, and don’t even fully understand. Gone are the days of weird nerds hosting their own websites – it’s all outsourced now. And when the hack happens, you might even not know it’s happening.
Banks and building societies in the UK faced over 33 days of unplanned IT outages in two years from 2023 to 2025. The Olympics only has about 17 days every four years. It’s not just hackers either – sometimes the machine just refuses to work.
What can I do?
Well, there’s a fair bit accountants can do, annoying as that is.
- Join in cyber resilience planning - if the ledger breaks, you don’t want the IT department to rebuild it without you, right?
- Risk management needs to include technology risk – as we mentioned earlier, you’ve got the skills to recognise the risks, so you’re going to have to use them.
- Diversify and document - maybe keep the important stuff on the hard drive, rather than some server station in New Mexico.
- Build relationships with your IT and cybersecurity teams – say you like John Carpenter films, or ask them how to make a Plex server. It might be useful to have them on your side when things get weird.
🧠 Final thoughts
There’s no going back to paper but, as finance continues to digitise, so does the potential for disruption. Luckily, accountants are the best placed people to make sense of the chaos, but only if you’re ready.
The IT department need your help, even if they act like they don’t.
You need to sign in or register before you can add a contribution.