finance
monthly
Personal Finance. Money. Investing.
Contribute
Newsletter
Corporate

Huge Jump in Cyber Incidents Reported by Financial Services Firms

New data obtained by RSM under a freedom of information request has revealed that financial services firms reported 819 cyber incidents to the Financial Conduct Authority in 2018, a huge rise on the 69 incidents reported in 2017.

Posted: 26th July 2019 by
Jacob Mallinder
Share this article

The retail banks were responsible for the highest number of reports (486) – almost 60% of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.

The root causes for the incidents were attributed to third party failure (21% of reports), hardware/software issues (19%) and change management (18%).

The FCA has recently warned of a significant rise in outages and cyber-attacks affecting financial services firms. It has also called on regulated firms to develop greater cyber resilience to prevent attacks and better operational resilience to recover from disruptions.

According to the new data obtained by RSM, there were 93 cyber-attacks reported in 2018. Over half of these were phishing attacks, while 20% were ransomware attacks.

Commenting on the figures, Steve Snaith, a technology risk assurance partner at RSM said: "While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator. It also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements.

"However, we suspect that there is still a high level of under-reporting. Failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties from the FCA.

"As the FCA has previously pointed out, eliminating the threat of cyber-attacks is all but impossible. While the financial services sector emerged relatively unscathed from recent well-publicised attacks such as NotPetya, the sector should be wary of complacency given the inherent risk of cyber-attacks that it faces.

"The figures also underline the importance of organisations obtaining third party assurance of their partners' cyber controls. Moreover, the continued high proportion of successful phishing attacks highlights the need to continue to drive cyber risk awareness among staff.

"Interestingly, a high proportion of cyber events were linked to change management, highlighting the risk of changes to IT environments not being managed effectively, leading to consequent loss. The requirements for Privacy Impact Assessments as a formal requirement of GDPR/DPA2018 should hopefully drive a greater level of governance in this area.

"Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls. More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place."

Fig1: The number of cyber incidents reported to the FCA by regulated firms in 2018 broken down by the sector the incident impacted (source FCA):

Impacted sector 2018 % of incidents
Retail banking 486 59%
Wholesale financial markets 115 14%
Retail investments 53 6%
Retail lending 52 6%
General insurance and protection 49 6%
Pensions and retirement income 35 4%
Investment management 29 4%
Total 819 100%

 

Fig2: The root causes of cyber incidents reported to the FCA (source FCA):

Root cause 2018 (Jan-Dec) % of incidents
3rd party failure 174 21%
Hardware/software 157 19%
Change management 146 18%
Cyber attack 93 11%
TBC 93 11%
Human error 47 6%
Process/control failure 45 5%
Capacity management 25 3%
External factors 17 2%
Theft 11 1%
Root cause not found 11 1%
Total 819 100%

 

Fig3: The breakdown of incidents in 2018 categorised as 'Cyber attacks' (source FCA):

Cyber attack root cause breakdown  2018 (Jan-Dec) % of incidents
Cyber - Phishing/Credential compromise 48 52%
Cyber - Ransomware 19 20%
Cyber - Malicious code 16 17%
Cyber - DDOS 10 11%
Total 93 100%

About Finance Monthly

Universal Media logo
Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.
News Illustration

Get our free monthly FM email

Subscribe to Finance Monthly and Get the Latest Finance News, Opinion and Insight Direct to you every month.
chevron-right-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram