Cyber Attacks On The British Financial Sector Increasing Fast

The UK Financial Conduct Authority (FCA) has published a cyber and technology resilience report for 2018, and there has been a large increase in cyber-attacks. The FCA surveyed 296 firms during 2017-18 to review their cyber and technology capabilities and defences. The UK government has announced that it will be spending £1.5 billion over the next five years on UK cyber security.

The FCA has reported a significant rise in outages and cyber-attacks affecting financial services firms. It has also called on regulated firms to develop greater cyber resilience to prevent attacks and better operational resilience to recover from disruptions.

The retail banks were responsible for the highest number of reports (486), almost 60 per cent of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.

The root causes for the incidents were attributed to third party failure (21 per cent of reports), hardware/software issues (19 per cent) and change management (18 per cent). On the basis of the data that the FCA is currently collecting, we see no immediate end in sight to the escalation in tech and cyber incidents that are affecting UK financial services.

In the year 2018 to October, firms reported a 187% increase in technology outages to the FCA, with 18% of all the incidents reported to us cyber-related.

The increase in incidents reported to the FCA doesn’t present a one-dimensional picture of a surge in cyber-attacks and outages. Firms are reporting incidents more robustly, albeit we strongly suspect that under-reporting is still a problem.

The FCA does not expect ‘zero-failure’, a point that is explicitly made in July’s FCA, Bank of England discussion paper on operational resilience. In that we talk about setting ‘impact tolerances’ and the ability of firms to ‘recover and learn from operational disruptions’.

The true test of the resilience of UK finance is not the absence of incidents. It’s how well incidents are managed. So from the FCA perspective, the really important questions are along the following lines. Are firms operating strong lines of defence? Are firms resolving issues swiftly? Are firms responding to emerging threats? Are firms managing third parties effectively?

There are fundamental questions about what happens when it goes wrong, especially in industries, like finance, that have hallmarks of utility services.

According to RSM, a provider of audit, tax and consulting services, there were 93 cyber-attacks reported in 2018. Over half of these were phishing attacks, while 20 per cent were ransomware attacks. Commenting on the figures, Steve Snaith, a partner at RSM, said:

'While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator. It also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements. 

'Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls. More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place.’

Sources: RSM, GovUK, FCA 1, FCA 2
