REPORTAGE: Bank of England and Oracle Cloud: Who’s Fooling Who?

REPORTAGE: Bank of England and Oracle Cloud: Who’s Fooling Who?

The Bank of England, the UK’s financial bedrock, has nearly doubled its spending on Oracle Cloud transformation—yet security remains an afterthought.

With a newly inflated £13.8 million contract for implementation partner Version 1, this initiative should inspire confidence. Instead, it reveals a hard truth: throwing money at a problem—even when you print it—doesn’t make it go away.

This is the same Bank that oversees the Prudential Regulation Authority (PRA) and CBEST, a framework designed to test cyber resilience across the financial sector. And yet, the BoE’s own cybersecurity posture remains shockingly inadequate.

Its so-called “experts” seem more focused on bureaucratic compliance than ensuring the integrity of Britain’s financial data. Meanwhile, Oracle’s track record on security is hardly reassuring—historical vulnerabilities have left sensitive enterprise data exposed worldwide.

Pair the Bank’s lack of cyber hygiene with Oracle’s patchy security record, and you get a perfect storm of risk—unless, of course, cybercrime is part of the business model.

“Insecure data in an insecure cloud” isn’t a security strategy—it’s negligence.

Years of threat intelligence sharing have failed to shift the BoE’s fortress mentality, leaving it a prime target for cybercriminals and nation-state actors alike. The question isn’t if a breach will happen—but when. And when it does, the fallout could shake the financial system to its core.