Monday 1 July 2019 1:00 am

Number of cyber incidents reported by financial services firms explodes

The number of cyber incidents financial services firms reported to the Financial Conduct Authority (FCA) rocketed in 2018, data published today reveals.

Financial services firms reported 819 cyber incidents to the FCA in 2018, up from 69 in 2017, according to data obtained in a freedom of information request by accountancy firm RSM.

Retail banks were responsible for the highest number of reports (486) – almost 60 per cent of the total.

This was followed by wholesale financial markets with 115 reports and retail investment firms with 53.


There were 93 cyberattacks reported in 2018. Over half were phishing attacks and 20 per cent were ransomware attacks.

The FCA has warned recently of a significant rise in cyberattacks and outages affecting financial services firms. It has called on regulated firms to develop greater cyber resilience to prevent attacks and operational resilience to recover from them.

Technology partner at RSM Steve Snaith said: “’While the jump in cyber incidents among financial services firms looks alarming, it’s likely that this is due in part to firms being more proactive in reporting incidents to the regulator. It also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements.

‘However, we suspect that there is still a high level of under-reporting. Failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties from the FCA.”

Share