Cyber Attacks On The British Financial Sector Increasing Fast

The UK Financial Conduct Authority (FCA) has published a cyber and technology resilience report for 2018 and there has been a large increase in cyber-attacks.  The FCA surveyed 296 firms during 2017-18 to review their cyber and technology capabilities and defences and the UK government has announced that it will be spending £1.5 billion over the next five years on UK cyber security.

The FCA has reported a significant rise in outages and cyber-attacks affecting financial services firms. It has also called on regulated firms to develop greater cyber resilience to prevent attacks and better operational resilience to recover from disruptions.

The retail banks were responsible for the highest number of reports (486), almost 60 per cent of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.

The root causes for the incidents were attributed to third party failure (21 per cent of reports), hardware/software issues (19 per cent) and change management (18 per cent). On the basis of the data that the FCA is currently collecting, we see no immediate end in sight to the escalation in tech and cyber incidents that are affecting UK financial services.

In the year 2018 to October, firms reported a 187% increase in technology outages to the FCA, with 18% of all the incidents reported to us cyber-related.

The increase in incidents reported to the FCA doesn’t present a one dimensional picture of a surge in cyber-attacks and outages. Firms are reporting incidents more robustly. Albeit we strongly suspect that under-reporting is still a problem.
The FCA does not expect ‘zero-failure’. A point that is explicitly made in July’s FCA, Bank of England discussion paper on operational resilience. In that we talk about setting ‘impact tolerances’ and the ability of firms to ‘recover and learn from operational disruptions’.

The true test of the resilience of UK finance is not the absence of incidents. It’s how well incidents are managed. So from the FCA perspective, the really important questions are along the following lines. Are firms operating strong lines of defence? Are firms resolving issues swiftly? Are firms responding to emerging threats? Are firms managing third parties effectively?

There are fundamental questions about what happens when it goes wrong. Especially in industries, like finance, that have hallmarks of utility services.

According to RSM, a provider of audit, tax and consulting services, there were 93 cyber-attacks reported in 2018. Over half of these were phishing attacks, while 20 per cent were ransomware attacks. Commenting on the figures, Steve Snaith a partner at RSM said:  

'While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator. It also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements. 

'Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls. More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place.’

RSM:         GovUK:     FCA 1:        FCA 2

You Might Also Read: 

Security Flaw Puts UK Bank Customers At Risk:

A Cyber Attack Could Spark A Run On Banks:

 

« Developing Smart Cities In Practice
Phishing, Malware & Cyber Security in Australia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ExaGrid Systems

ExaGrid Systems

ExaGrid provides Tiered Backup Storage with a unique disk-cache Landing Zone, long-term retention repository, and scale-out architecture.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

Mocana

Mocana

Mocana provides a software platform that allows you to develop, test and distribute more secure IoT devices and services.

Wooxo

Wooxo

Wooxo provides business security and continuity solutions to protect business data for organisation of all sizes.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

Rhino Security Labs

Rhino Security Labs

Rhino Security Labs is a top penetration testing and security assessment firm, with a focus on cloud pentesting, network pentesting, web application pentesting, and phishing.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Computacenter

Computacenter

Computacenter is a leading independent technology partner, trusted by large corporate and public sector organisations. We help our customers to source, transform and manage their IT infrastructure.

Gotham Security

Gotham Security

Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services.

AVANT Communications

AVANT Communications

AVANT is a premier distributor of next generation technologies with the resources and relationships needed to successfully navigate the ever-changing world of communications and IT infrastructure.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.