Cyber Attacks On The British Financial Sector Increasing Fast

The UK Financial Conduct Authority (FCA) has published a cyber and technology resilience report for 2018 and there has been a large increase in cyber-attacks.  The FCA surveyed 296 firms during 2017-18 to review their cyber and technology capabilities and defences and the UK government has announced that it will be spending £1.5 billion over the next five years on UK cyber security.

The FCA has reported a significant rise in outages and cyber-attacks affecting financial services firms. It has also called on regulated firms to develop greater cyber resilience to prevent attacks and better operational resilience to recover from disruptions.

The retail banks were responsible for the highest number of reports (486), almost 60 per cent of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.

The root causes for the incidents were attributed to third party failure (21 per cent of reports), hardware/software issues (19 per cent) and change management (18 per cent). On the basis of the data that the FCA is currently collecting, we see no immediate end in sight to the escalation in tech and cyber incidents that are affecting UK financial services.

In the year 2018 to October, firms reported a 187% increase in technology outages to the FCA, with 18% of all the incidents reported to us cyber-related.

The increase in incidents reported to the FCA doesn’t present a one dimensional picture of a surge in cyber-attacks and outages. Firms are reporting incidents more robustly. Albeit we strongly suspect that under-reporting is still a problem.
The FCA does not expect ‘zero-failure’. A point that is explicitly made in July’s FCA, Bank of England discussion paper on operational resilience. In that we talk about setting ‘impact tolerances’ and the ability of firms to ‘recover and learn from operational disruptions’.

The true test of the resilience of UK finance is not the absence of incidents. It’s how well incidents are managed. So from the FCA perspective, the really important questions are along the following lines. Are firms operating strong lines of defence? Are firms resolving issues swiftly? Are firms responding to emerging threats? Are firms managing third parties effectively?

There are fundamental questions about what happens when it goes wrong. Especially in industries, like finance, that have hallmarks of utility services.

According to RSM, a provider of audit, tax and consulting services, there were 93 cyber-attacks reported in 2018. Over half of these were phishing attacks, while 20 per cent were ransomware attacks. Commenting on the figures, Steve Snaith a partner at RSM said:  

'While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator. It also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements. 

'Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls. More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place.’

RSM:         GovUK:     FCA 1:        FCA 2

You Might Also Read: 

Security Flaw Puts UK Bank Customers At Risk:

A Cyber Attack Could Spark A Run On Banks:

 

« Developing Smart Cities In Practice
Phishing, Malware & Cyber Security in Australia »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IX Associates

IX Associates

IX Associates is a UK based IT Integration business specialising in risk, compliance, eDefence, and network security solutions.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

International Security Management Association (ISMA)

International Security Management Association (ISMA)

ISMA is an international security association of senior security executives from major business organizations located worldwide.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

Cyber Resilience

Cyber Resilience

Cyber Resilience offer an intensive program designed to help you create strategies to quickly become cyber resilient and to manage cyber risks in a measurable and predictable way.

TAC Security (TAC Infosec)

TAC Security (TAC Infosec)

TAC Security (aka TAC Infosec) is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

Firmus

Firmus

As the leading penetration testing services provider in Malaysia, Firmus evaluates the ability of your internal or external information assets to withstand attacks.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Prompt Security

Prompt Security

Prompt Security provides an LLM agnostic approach to ensure security, data privacy and safety across all aspects of Generative AI.