FCA sees huge rise in cyber incident reports

The number of cyber security incidents reported by the UK’s financial services firms rose to 819 last year, up from just 69 in 2017, according to new data obtained from the Financial Conduct Authority (FCA).

A freedom of information request submitted by accountancy firm RSM found a huge rise incidents reported to the regulator, with retail banking firms accounting for 486 incidents – nearly 60 per cent of all reported.

This was followed by wholesale financial market firms on 115 reports (14 per cent of overall reports) and retail investment firms on 53 (six per cent of the total).

When it comes to the root causes of the cyber incident, third party failure was found to be to blame for 21 per cent of reported incidents, followed by hardware and software issues (19 per cent) and change management within the organisation (18 per cent).

Cyber attack from outside actors accounted for 93 cyber incidents (11 per cent of total reports).

Of these 93 cyber attacks, the FCA data was broken down into the following categories of breach: 48 incidents of phishing or credential compromise (52 per cent of the total); 19 incidents of ransomware (20 per cent); 16 incidents of malicious code (17 per cent); and ten incidents of denial of service attack (DDOS) attack (accounting for 11 per cent of the total).

Steve Snaith, a technology risk assurance partner at RSM, said: “While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator – it also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements.

“However, we suspect that there is still a high level of under-reporting, failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties.”

He said the figures also underlined the importance of organisations obtaining third party assurance of their partners' cyber controls. “Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls.”

    Share Story:

Recent Stories

Technology and the equity release market
Dan McGrath talks to chief executive officer at Air Group, Paul Glynn, about the equity release sector, changes to the market and how technology can allow the industry to move forward for lenders and consumers.

The later life lending landscape
Michael Griffiths speaks to Darren Deacon and Stuart Heavens from Family Building Society about the current state of play in the later life lending market


Subscribe to our newsletter to receive breaking news and other industry announcements by email.

  Please tick here to confirm you are happy to receive third party promotions from carefully selected partners.