Financial institutions may be wrongly identifying cyber attacks as information technology failures because they aren’t spending enough to detect hackers, the Bank of England said.

A rising tide of cyber attacks threatens financial stability and a breach at a major bank could cascade through the industry, the U.K. central bank warned in a report on Wednesday.

The Bank of England has introduced a series of tests designed to test a firm’s response to a cyber security incident. After meeting in June, the bank’s Financial Policy Committee recommended that all core financial firms take the so-called CBEST tests.

Companies also tended to view cyber security as a technological issue instead of recognizing the risks posed by employee behavior, according to the report.

The BOE said a cyber-risk survey revealed that there had been “underinvestment by firms in their ability to detect cyber attack, which creates a risk that firms react to attacks too slowly, or misdiagnose incidents of disruption as internal I.T. failures rather than deliberate attacks.”