New statistics from the FCA, contained in a freedom of information response to audit, tax and consulting firm RSM, show that reported incidents of loss of data from hacking has risen from 4 in 2016 to 17 in 2017. There were also two separate incidents of ‘data leakage’ reported to the FCA.
The figures also show a rise in the number of incidents of financial loss resulting from malware infection. In total, there were four reported cases in 2017, up from just one in the previous year.
The new statistics shed more light on recently announced figures that the overall number of cyber incidents reported to the FCA jumped over 80% from 38 in 2016 to 69 in 2017.
During 2017, the retail banking sector suffered the highest number of reported attacks (17), followed by retail lenders (16) and investment management firms (16). There were a further 11 incidents reported to the FCA by insurance firms.
Steve Snaith, technology risk assurance partner at RSM said: “We have previously raised concerns that there is likely to be significant under-reporting of cyber-attacks by regulated financial services firms. Nevertheless, these new numbers do reveal some important trends.”
“The jump in incidents of data loss resulting from hacking attacks should be particularly concerning to the financial services sector, given we are just months away from the new GDPR regime coming into force.”
As the General Data Protection Regulation (GDPR) approaches, “regulated companies should heed the FCA’s recent warning that firms must improve their cyber resilience. Cyber-attacks are becoming increasingly sophisticated and are constantly evolving and adapting. One of the biggest challenges is trying to ensure that defensive controls keep up.”