Cyber Threats and Blackouts Revive Cash as Critical Payment Backup

Recent cyberattacks and power outages have exposed vulnerabilities in digital payment systems, prompting governments and businesses to reconsider cash as a resilient alternative. A UK Treasury Committee report warns that failing to maintain cash infrastructure could create a “two-tier society,” leaving vulnerable populations at risk during emergencies¹. This comes amid rising incidents of bank IT failures, cyber intrusions, and grid instability globally.

Cash as a Resilience Measure

The UK recorded 158 bank IT failures between 2023 and 2024, including a Barclays outage that froze digital payments for days³. Spain’s nationwide blackout in April 2025 demonstrated cash’s critical role—57% of in-store transactions reverted to physical currency when digital systems failed⁴. Despite this, Spain simultaneously imposed strict cash withdrawal limits, requiring 24-hour advance notice for sums exceeding €3,000 and fines up to €150,000 for non-compliance⁴.

Cybersecurity Threats to Financial Infrastructure

Shawn Henry, former FBI Cyber Chief, testified in 2012 that adversaries routinely bypass traditional defenses, with state-sponsored actors (e.g., China, Russia) targeting critical infrastructure⁷. The U.S. Treasury faced similar risks in 2025 when untested code created potential backdoors in its systems⁵. Common attack vectors include:

• Denial-of-service (DoS) attacks disrupting payment networks
• SQL injection compromising financial databases
• Zero-day exploits against banking software

Policy Responses and Recommendations

Australia and the EU are mandating cash acceptance for essential services, while Sweden—previously a cashless leader—reversed course after systemic failures². The UK Treasury Committee advocates hybrid payment systems to mitigate single-point failures, emphasizing cash’s role in national security resilience³. Dame Meg Hillier cautioned, “We must avoid sleepwalking into a cashless society”¹.

Technical Implications for Security Teams

For security professionals, these developments highlight:

• Red Teams: Stress-test financial systems against combined cyber-physical disruptions (e.g., ransomware + power outage scenarios)
• Blue Teams: Monitor for anomalous transaction patterns during infrastructure failures
• CISOs: Include cash contingency plans in business continuity frameworks

Recent incidents like the M&S cyberattack and Spain’s blackout demonstrate that payment redundancies require both technical hardening (e.g., NIST-recommended grid resilience) and policy coordination¹⁴.

Conclusion

The tension between cash restrictions and its proven utility during crises creates complex security challenges. As cyber threats evolve, maintaining payment system diversity—rather than relying solely on digital infrastructure—may prove essential for societal resilience.