The number of cyber security incidents reported by the UK’s financial services firms rose to 819 last year, up from just 69 in 2017, according to new data obtained from the Financial Conduct Authority (FCA).
A freedom of information request submitted by accountancy firm RSM found a huge rise in incidents reported to the regulator, with retail banking firms accounting for 486 incidents – nearly 60 per cent of all those reported.
This was followed by wholesale financial market firms on 115 reports (14 per cent of overall reports) and retail investment firms on 53 (six per cent of the total).
When it comes to the root causes of the cyber incidents, third party failure was found to be to blame for 21 per cent of reported incidents, followed by hardware and software issues (19 per cent) and change management within the organisation (18 per cent).
Cyber attack from outside actors accounted for 93 cyber incidents (11 per cent of total reports).
The FCA data broke these 93 cyber attacks down into the following categories of breach: 48 incidents of phishing or credential compromise (52 per cent of the total); 19 incidents of ransomware (20 per cent); 16 incidents of malicious code (17 per cent); and ten incidents of denial of service (DDoS) attack (11 per cent of the total).
Steve Snaith, a technology risk assurance partner at RSM, said: “While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator – it also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements.
“However, we suspect that there is still a high level of under-reporting. Failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties.”
He said the figures also underlined the importance of organisations obtaining third party assurance of their partners' cyber controls. “Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls.”