New data obtained by RSM under a freedom of information request has revealed that financial services firms reported 819 cyber incidents to the Financial Conduct Authority (FCA) in 2018, a significant increase on the 69 incidents reported in 2017.
Retail banks accounted for almost 60% of the total number of reports, followed by wholesale financial markets (14%). The increase in reports may also be a sign of GDPR having a positive impact on organisations reporting incidents and not necessarily just an increase in the number of actual attacks.
Incidents were attributed mainly to third party failure (21%) with cyber attacks cited in only 11% of cases (93 instances).
Over half of these were phishing attacks, while 20% were ransomware attacks. Malicious code accounted for 17% of reported cyber attacks, and Distributed Denial of Service (DDOS) for just 11%.
The banking sector relies on digital technology to function. Good cyber security protects that ability to function and ensures organisations can exploit the opportunities that technology brings.
Boards must understand that cyber risk should be managed in the same way as any other business risk, such as physical security or financial risks.