The Financial Conduct Authority has updated its findings on cyberattacks in 2020. The report titled 'Sector Views' and published on 18 February has revealed that there has been a further 7% rise so far in 2020.
The FCA wrote “Firms may not be testing changes to their systems before implementing them, and may not be investing enough in cybersecurity and technology, increasing the likelihood of failures,”.
Hack attacks and other cyber-related crimes reported by the UK's financial sector have risen massively over the last years. The Financial Conduct Authority has revealed that from 2017 to 2018, the number had increased from 69 to 819, marking a rise of more than 1000%. The figures were revealed after accountancy firm RSM submitted a request under the Freedom of Information Act.
The huge spike in cybercrime has, in part, been put down to the introduction of the EU's General Data Protection Regulation (GDPR) Before this legislation was introduced, organisations weren't obliged to report most types of security breaches. So, with many incidents being under-reported, it's not a surprise that the figure has risen so sharply after GDPR was introduced.
Banks have been hit hardest by the attacks with 486 reports being submitted and naming phishing and ransomware as top culprits. Followed by wholesale financial markets with 115 reports and retail investment with 53 reports.
RSM - the tax and consulting firm who made the Freedom of Information act request - commented that the number released reflected the increasing attacks on the industry as a whole and it's not just something we can put down to the introduction of GDPR.
"The web-enabled systems underpinning the financial services sector hold huge volumes of personal and financial data, which are incredibly valuable for cyber-criminals," Steven Snaith, the firm's cyber-security specialist, told the BBC.
"One of the problems is that there are lots of freely available cyber-attack tools and knowledge that can be sourced online. There is currently no legislation that makes possessing or developing these tools illegal, and this is exacerbating the problem."
Cyber attacks as whole only accounted for 11% of reports submitted. The majority of incidents were reported as problematic attempts to switch between different systems, issues with equipment and software and faults with third-party services.
In many sectors of the industry, small and medium businesses haven't been able to keep up with the ever-changing nature of data protection with many relying on outdated, manual processes or no processes at all. This means many organisations become an easy target for cyber attacks. Many are still trying to get the basics right, but more needs to be done, and it needs to be done now.
Larger firms have the luxury of time and money to input systems that are automated and detect a threat at the earliest possible opportunity. The gap between the security systems of smaller and larger businesses needs to be plugged as larger organisations often use smaller businesses for third-party systems. So it doesn't matter how safe and secure the larger organisation is, if its third-party contact is leaving a hole in the net, cyber attacks will continue to increase.
The FCA announced in 2018 that "a third of firms still do not perform regular cyber assessments. Most know where their data is, but describe it as a challenge to maintain that picture. Nearly half of firms do not upgrade or retire old IT systems in time". It called on regulated firms to begin to develop a greater resilience against cyber attacks and create a stronger recovery operation before it's even needed.
It seems the industry as a whole needs a shakeup to try and contain all threats made to their organisations. Data is the most important currency used today, and we're beginning to see just how important it is to try and protect it.