Introduction
Early on in my cyber security career (well, earlier – it still feels like early days for me), I was asked in a job interview: What would be most important for a customer of a large bank – confidentiality, integrity or availability?
At the time, I answered availability. I thought it would be most important for a customer to be able to access their funds as and when needed, and while accuracy is important, balances can fluctuate daily. However, the recent ‘IT glitch’ with Barclays bank has provided us with a real-life case study, prompting me to challenge and justify my opinion.
Overview of the Barclays Bank ‘IT Glitch’
Over the past week, Barclays customers have had to manage severe disruptions to services provided by the bank in what has been described as an ‘IT glitch.’ The disruption has meant that customers have been unable to access their accounts to view their balances or to make transactions or payments.

The timing of the outage made it even more critical:
- It began on the last working day of January – the first payday for much of the UK workforce following an expensive Christmas and New Year period.
- It coincided with the self-assessment tax return deadline (31 January), when thousands of self-employed individuals needed to make time-sensitive tax payments to HMRC.
The disruption provides a real-life example that we can use to explore the CIA (confidentiality, integrity and availability) Triad, a foundational model in information security, allowing us to consider both the immediate and broader implications of an information security disruption for businesses and customers alike.
Understanding the CIA Triad
I’m currently studying towards the Certified Information Security Professional (CISSP) qualification and the CIA Triad is on the first page of all the different study materials I’ve gathered; it’s a cornerstone of information security risk management.
In the context of the Barclays IT glitch, what is confidentiality, integrity and availability?
- Confidentiality – Ensuring that only authorised users (e.g. the account holder) can access banking data and services.
- Integrity – Ensuring data accuracy and reliability, including balances and transactions.
- Availability – Ensuring banking services remain accessible when needed.
Case Study: The Barclays IT Glitch and CIA Implications
Availability
The most immediate and obvious impact of the Barclays incident was the widespread availability failure. Customers were unable to access their accounts or complete transactions through online and mobile banking platforms for multiple days, with some in-branch services also being affected.
Beyond inconveniencing customers, the outage had the potential to escalate into a personal wellbeing issue, highlighting the real-life consequences that availability issues affecting an everyday essential service may cause. Customers complained on X (formerly Twitter) that they were unable to purchase baby formula, forced to abandon their food shop at the checkout and left without access to funds while on honeymoon in Australia.
Integrity
Beyond the accessibility issues, the accuracy of the financial information and transactions was also compromised, raising concerns about integrity. Customers reported seeing outdated account balances and inconsistent transactions, with payments duplicated or incorrectly marked as unsuccessful.
The timing of the disruption further exacerbated these issues:
- Rent payments are often due at the end or start of the month, potentially resulting in missed or duplicated payments.
- Self-employed individuals faced uncertainty over whether their HMRC tax payments had been successfully processed, leading to fears of late penalties.
- Month-end financial reporting for businesses could be impacted if transactions were inaccurately recorded.
While HMRC (the UK’s tax, payments and customs authority) has since stated it is working with Barclays to minimise any impact on those that submitted self-assessments, the issues highlight how system failures can ripple across the economy. This emphasises the importance of organisations such as Barclays implementing systems that quickly detect and correct any errors, maintaining trust in the banking system.
Confidentiality
On a more positive note, Barclays has confirmed that the IT glitch was not caused by a cyber-attack and there have been no reports of a data breach. This suggests that confidentiality controls have remained intact.
However, there is a concern that cyber criminals could take advantage of the disruption to circumvent confidentiality controls, exploiting the confusion to trick customers into revealing sensitive information through targeted phishing, social engineering attacks or other types of scams.
It’s important for organisations to communicate with customers during security disruptions to keep them informed and help prevent opportunistic cyber-attacks. If Barclays were subject to a data breach, the organisation would be legally obligated to notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected customers without undue delay. Failure to meet these obligations could result in Barclays being subject to financial penalties and reputational damage.
Conclusion
So, going back to the original question: Which is most important – confidentiality, integrity or availability?
I would answer that there isn’t one singular concept that is the most important; rather, the three elements of the CIA Triad are interdependent, and a failure of one can lead to a failure in the others. That is why it exists as a triad.
The Barclays case study shows us a real-life example of the importance of considering all three concepts during a disruption:
- Availability failures can trigger financial hardship and reputational damage.
- Integrity failures can cause confusion, missed payments, and economic ripple effects.
- Confidentiality must be maintained, even in a crisis, to prevent further exploitation.
Ultimately, cybersecurity is about ensuring that systems we rely on daily remain secure, accurate and accessible. Barclays’ failings serve as a timely and public reminder of the real-world consequences when these protections fall short.

Rebekah Makinde
Rebekah is a senior cybersecurity consultant in Reliance Cyber’s advisory practice. She specialises in developing cyber security strategies, policy frameworks, and leading ISO 27001 internal audits and cyber maturity assessments. Before transitioning into cybersecurity, Rebekah practised as a Chartered Accountant with extensive experience in internal audit and counter fraud within Central Government.