Security by obscurity is outdated. Not only can this under-reporting be exploited by organized crime groups, but the health of companies is at risk, since stakeholders are not aware of the impact of the cyberattacks.
British banks are not reporting the full extent of cyber attacks from hackers for fear of punishment and bad publicity from regulators, say bank executives and security service providers.
According to data available from Britain’s Financial Conduct Authority (FCA), cyberattacks on financial institutions in Britain have risen from 5 in 2014 to 75 this year.
Bankers and cyber security experts, however, say the FCA’s data is far from reality – more attacks take place than are reported. In fact, according to Shlomo Touboul, CEO of Illusive Networks, banks are under almost constant attack.
Citing the example of a large global financial institution he works in, Touboul said that in his experience there have been more than 2 billion “events”, read attacks, in a month.
Defense filters in machines filter the attacks down to 200,000 before a human team cuts them down further to 200 “real” attacks in a month.
Unlike in the U.S., British banks are not obliged to reveal every instance of cyber attacks under the FCA’s provisions for companies.
“There is a gray area… Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry,” said Ryan Rubin, the UK Managing Director of Security & Privacy at Protiviti, a consultancy firm.
“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” said a source who preferred the cover of anonymity.









