The FCA records a 52% rise in material cyber incidents at UK firms

Reports to the Financial Conduct Authority (FCA) showed that cyber activity increased by just over 50% during 2021, with at least 10% of incidents involving the use of ransomware.

 

Breach and Attack Simulation pioneer Picus Security recently reported on a significant rise in cyber incidents reported to the FCA. The report revealed that around one third of case reports described situations in which personal or company data could have been jeopardised or breached. It also found that one in five incidents involved the use of ransomware. Furthermore, 75 of the total 116 material cyber incident reports were the result of cyber-attacks. According to the FCA, an incident can be material if it results in substantial data loss, leads to the inaccessibility of IT systems, results in illicit access to information systems, and impacts a large number of customers.

The FCA said its most active month was March, during which there were 21 incident reports. This happened at the same time as serious vulnerabilities were revealed in Microsoft Exchange Server. Financial services firms are some of the most prepared organisations when it comes to detecting and dealing with material cyber incidents, but even with good data protection defences they still experience setbacks due to these types of incidents.

Cyber threats

The widespread implementation of remote and hybrid working models, along with widespread digital transformation within the financial services sector, has meant that firms have needed to modify their data protection and IT security protocols substantially over the past couple of years. Alongside this have been continuous threats and attempted cyber-attacks, with firms facing a barrage from all angles. The Financial Services Information Sharing and Analysis Centre (FS-ISAC) recently warned that the move to digital banking is exposing firms to ransomware and to attacks on their supply chains. There has also been a revival in the popularity of banking trojans and distributed denial-of-service (DDoS) threats. A DDoS attack is a malicious attempt to interrupt the usual traffic to a targeted service or network by overwhelming it or its surrounding infrastructure. Attackers achieve this by using numerous compromised IT systems as the sources of attack traffic, which is akin to an unexpected traffic jam clogging up a main road and preventing vehicles from reaching their destination.

Picus Security co‑founder and Vice President of Picus Labs, Suleyman Ozarslan, said:

The large rise in cyber incidents reported to the FCA in 2021 is a concerning trend and should serve as an important reminder to all firms about the need to make ongoing improvements in all areas of security. This is necessary to not only mitigate the risks posed by external threats but also those which arise due to IT failures and human error.

 

An important reminder to all firms

This is an important reminder to firms to continuously make improvements to their security across all areas, not just to diminish the risks presented by outside threats, but also the threats that occur due to human error and systems failures.

 

During one of our recent webinars, we had a “fireside chat” with experts Joe Hancock and Jon Baines of Mishcon de Reya. We discussed what compliance and risk professionals can do to stay on top of cyber and data risks, including those relating to human error. You can view the replay here.

If you are interested in learning more about how our proprietary software solution, Wayfinder, can help your firm, our information sheet is available for download here.

 
