Surge in cyber incidents reported to FCA
Cyber security incident reports to the Financial Conduct Authority (FCA) rose 52% in 2021, with 116 reports received.
A third of the incidents reported may have resulted in the confidentiality of company or personal data being compromised.
All regulated firms must notify the FCA if they suffer a material cyber incident.
The FCA deems an incident to be material if it results in a significant loss of data, results in the unavailability or loss of control of IT systems, affects large numbers of customers, or results in unauthorised access to information systems.
One in five of the incidents reported to the FCA in 2021 involved ransomware, according to IT security firm Picus Security, which submitted a freedom of information request to the regulator.
Two thirds (65%) of the cyber incidents reported in 2021 were due to cyber attacks.
Dr Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, said: “Financial services firms are amongst the best prepared and most highly capable organisations at detecting and responding to cyber incidents. Yet, despite investing heavily in security and data protection, it’s clear that many continue to experience challenges in these areas.
“The large rise in cyber incidents reported to the FCA in 2021 is a concerning trend and should serve as an important reminder to all firms about the need to make ongoing improvements in all areas of security. This is necessary to not only mitigate the risks posed by external threats but also those which arise due to IT failures and human error.”
March 2021 saw the highest number of incidents reported, with 21 incident reports submitted.