Cyber Attacks On The British Financial Sector Increasing Fast

The UK Financial Conduct Authority (FCA) has published a cyber and technology resilience report for 2018, and there has been a large increase in cyber-attacks. The FCA surveyed 296 firms during 2017-18 to review their cyber and technology capabilities and defences. The UK government has announced that it will be spending £1.5 billion over the next five years on UK cyber security.

The FCA has reported a significant rise in outages and cyber-attacks affecting financial services firms. It has also called on regulated firms to develop greater cyber resilience to prevent attacks and better operational resilience to recover from disruptions.

The retail banks were responsible for the highest number of reports (486), almost 60 per cent of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.

The root causes for the incidents were attributed to third party failure (21 per cent of reports), hardware/software issues (19 per cent) and change management (18 per cent). On the basis of the data that the FCA is currently collecting, we see no immediate end in sight to the escalation in tech and cyber incidents that are affecting UK financial services.

In the year 2018 to October, firms reported a 187% increase in technology outages to the FCA, with 18% of all the incidents reported to us being cyber-related.

The increase in incidents reported to the FCA doesn’t present a one-dimensional picture of a surge in cyber-attacks and outages. Firms are reporting incidents more robustly, albeit we strongly suspect that under-reporting is still a problem.

The FCA does not expect ‘zero-failure’, a point that is explicitly made in July’s FCA and Bank of England discussion paper on operational resilience. In that paper we talk about setting ‘impact tolerances’ and the ability of firms to ‘recover and learn from operational disruptions’.

The true test of the resilience of UK finance is not the absence of incidents. It’s how well incidents are managed. So from the FCA perspective, the really important questions are along the following lines. Are firms operating strong lines of defence? Are firms resolving issues swiftly? Are firms responding to emerging threats? Are firms managing third parties effectively?

There are fundamental questions about what happens when it goes wrong, especially in industries, like finance, that have hallmarks of utility services.

According to RSM, a provider of audit, tax and consulting services, there were 93 cyber-attacks reported in 2018. Over half of these were phishing attacks, while 20 per cent were ransomware attacks. Commenting on the figures, Steve Snaith, a partner at RSM, said:

'While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator. It also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements. 

'Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls. More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place.'

RSM: GovUK: FCA 1: FCA 2
