Financial Services Firms Report 1,000 Percent Rise In Cyber Incidents

Reported cyber-incidents affecting financial services firms surged by a factor of 12 last year, or more than 1,000 percent, up from 69 in 2017 to 819 in 2018, new figures show.

Cyber-security incidents reported to the Financial Conduct Authority were led by phishing and ransomware, according to figures obtained under the Freedom of Information Act by accountancy firm RSM.

Banks were the most frequently affected by cyber-incidents, accounting for more than half of the reports, at 486, followed by wholesale financial markets with 115 reports and retail investment with 53.

Cyber-attacks accounted for 11 percent, or 93, of the reports, which were led by incidents related to “third-party failure”, at 21 percent, or 174 reports.

Cyber threats

Hardware or software incidents followed at 19 percent, with 157 reports, with incidents related to botched change management efforts accounting for 146 reports, or 18 percent of the total.

Cyber-attacks were in fourth place, with 93 reports or 11 percent of the total, led by phishing and ransomware attempts.

Other incidents were caused by human error, process or conrol failure and capacity management.

RSM said the jump in reports was likely to be due to firms being more active in reporting, related in turn to more stringent GDPR and FCA requirements to do so.

The GDPR data protection laws took effect last May.

Inadequate processes

Even so, it’s likely that firms are continuing to under-report cyber-incidents, said RSM technology risk assurance partner Steve Snaith.

He said the figures highlight the ongoing risks of successful phishing attacks and inadequate change managemenet processes.

“Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls,” Snaith said.

“More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place.”

In February the FCA said reported data breaches alone rose five-fold last year, from 25 in 2017 to 145 in 2018.