FCA sees huge rise in cyber incident reports

The number of cyber security incidents reported by the UK’s financial services firms rose to 819 last year, up from just 69 in 2017, according to new data obtained from the Financial Conduct Authority (FCA).

A freedom of information request submitted by accountancy firm RSM found a huge rise in incidents reported to the regulator, with retail banking firms accounting for 486 incidents – nearly 60 per cent of all reported.

This was followed by wholesale financial market firms on 115 reports (14 per cent of overall reports) and retail investment firms on 53 (six per cent of the total).

When it comes to the root causes of the cyber incidents, third party failure was to blame for 21 per cent of reported incidents, followed by hardware and software issues (19 per cent) and change management within the organisation (18 per cent).

Cyber attack from outside actors accounted for 93 cyber incidents (11 per cent of total reports).

The FCA data broke these 93 cyber attacks down into the following categories of breach: 48 incidents of phishing or credential compromise (52 per cent of the total); 19 incidents of ransomware (20 per cent); 16 incidents of malicious code (17 per cent); and ten incidents of denial of service (DDoS) attack (accounting for 11 per cent of the total).

Steve Snaith, a technology risk assurance partner at RSM, said: “While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator – it also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements.

“However, we suspect that there is still a high level of under-reporting, failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties.”

He said the figures also underlined the importance of organisations obtaining third party assurance of their partners' cyber controls. “Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls.”
