Tuesday 27 November 2018 10:58 am

Tech outages at financial firms double as watchdog warns of data breach risk

IT failures at financial institutions have more than doubled in the last year, the Financial Conduct Authority has revealed, as firms fight to update their legacy technology to keep apace with fintech startups.

In the 12 months to October, the UK's financial firms reported a 138 per cent increase in technology outages to the FCA, as well as an 18 per cent increase in cyber attacks.

The FCA's executive director for wholesale and specialist supervision, Megan Butler, said in a speech this morning that "all the trends we're seeing at the moment suggest an increasing threat to UK customers and financial markets".

She added that although the increase also points to firms making more of an effort to report incidents, these could be conservative estimates given that under-reporting continues to be a problem in the industry.

Her speech came as the City watchdog is set to release a report today on the resilience of the UK's finance industry, the findings of which are based on a survey of 300 firms.

"The FCA is deeply concerned that the number of technology incidents reported to us has increased, with many outages linked to re-platforming and outsourcing failures," Butler continued. 

"The most prominent of these is perhaps TSB's IT migration earlier this year. But we’ve also seen a lot of recent outages caused by relatively small changes, usually made on a week day evening."

The FCA and the Bank of England are currently carrying out an investigation into TSB and its senior managers as a result of the tech failure, which affected millions of customers. Other high-profile outages this year included Tesco Bank, Visa and Barclays, as spending on debit cards outweighed cash payments for the first time.

World Wide Technology's chief tech adviser Dave Locke said the outages are often a consequence of the "improper integration of technology, or the untimely upgrading of their legacy IT infrastructures".

Former Europol cybercrime centre head of operations Paul Gillen told City A.M. yesterday that the number of hacking attempts against Barclays each day was "substantial".

In 2014 there were five reports of cyber attacks to the Financial Conduct Authority, 27 in 2015 and 89 in 2016.

"Today's message from Megan Butler was clear: Firms must be braced for more IT and cyber incidents and there is more that financial services firms could do to adequately address the threat," said PwC partner Simon Chard.

"The regulatory spotlight remains on firms, not just in terms of how they prevent incidents, but also crucially in how they respond."