There has been sharp rise in the number of cyber-attacks against financial services companies reported to the Financial Conduct Authority (FCA), which were up by more than 80% last year
In 2017, 69 material cyber incidents were reported to the FCA, compared to 38 in 2016 and 24 in 2015.
The figures were provided in a speech at a financial crime conference in London, given by Robin Jones, the FCA head of technology, resilience and cyber.
Jones said: ‘In the past 12 months, the National Cyber Security Centre recorded over 1100 reported attacks, with 590 regarded as significant. 30 of these required action by government bodies, a number of which included the financial sector.
’In real terms, the UK deals with more than 10 significant cyber-attacks every week.’
Jan Hameed, a technology risk assurance director at RSM said: ‘This increase in reported attacks reflects a drive for greater accountability with respect to reporting such incidents, as well as the growing frequency of such attacks.’
In his speech, Jones identified a number of areas where financial services could improve their response to cyber threats. These included focusing on basic hygiene, being better at identifying their critical assets including data, and improving their detection of attacks (eg, using monitoring software). There also needs to be a focus on security culture amongst all staff, through training and awareness and raising levels of understanding at board level.
Hameed said: ‘Regulated companies would do well to heed the warning from the FCA on where firms could improve resilience. Notably, the FCA argues that boards must assume responsibility for cyber security given the risks to the business, its customers and the wider market. It also advocates for a greater focus on “basic hygiene” – making sure that critical assets including data are identified and that detection of attacks is improved.
‘One of the biggest risks facing financial services companies is complacency. Cyber-attacks will actively adapt to defensive controls. As the FCA highlights, individuals and criminal groups are developing tools and exploiting vulnerabilities on an industrial scale. Financial services firms need to ensure they always stay one step ahead.’
Speech by Robin Jones, Head of Technology, Resilience & Cyber at the FCA, delivered to the PIMFA Financial Crime Conference is here.
Report by Pat Sweet