Banks are not alone in their reluctance to disclose every cyber attack. Of the five million fraud and 2.5 million cyber-related crimes occurring annually in the UK, only 250,000 are being reported, government data show.
But while saving them from bad publicity or worried customers, failure to report more serious incidents, even when they are unsuccessful, deprives regulators of information that could help prevent further attacks, the sources said.
A report published in May by Marsh and industry lobby group TheCityUK concluded that Britain's financial sector should create a cyber forum comprising bank board members and risk officers to promote better information sharing.
Security experts said that while reporting all low-level attacks such as email "phishing" attempts would overload authorities with unnecessary information, some banks are not sharing data on more harmful intrusions because of concerns about regulatory action or damage to their brand.
The most serious recent known attack was on the global SWIFT messaging network in February, but staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches, despite the FCA making public pleas for them to do so, the most recent in September.
"When I moved from law enforcement to banking and saw what banks knew, the amount of information at their disposal, I thought 'wow', I never had that before," Troels Oerting, Group Chief Information Security Officer at Barclays and former head of Europol's Cyber Crime Unit, said.
Oerting, who joined Barclays in February last year, said since then banks' sharing of information with authorities has improved dramatically and Barclays shares all its relevant information on attacks with regulators.
"Banks are dramatically under-reporting attacks, they do what's legally required but out of embarrassment or fear of punishment they aren't giving the whole picture," one of the sources, who declined to be named because he did not want to be identified criticising his firm's customers, said.
Apart from Barclays, the other major British banks all declined to comment on their disclosures.
The Bank of England declined to comment and the FCA did not respond to requests for comment.