The number of cyber attacks against financial services groups has soared in the past couple of years, with 75 attacks being reported to the City watchdog this year, compared with just five in all of 2014.
The 1,400 per cent leap in just two years, revealed by a senior official at the UK Financial Conduct Authority on Wednesday, underscores the size of the threat that the financial sector and its regulators are grappling with, particularly after high-profile attacks on the central bank of Bangladesh and related payment-system hacks, among others this year.
“We know from firms’ reports to us that attacks are on the increase year-on-year — in 2014, we received five reports, in 2015, 27, and 75 so far in 2016. Whilst this significant increase indicates more attacks are occurring, this may also suggest better detection and great reporting to us on the part of the firms,” said Nausicaa Delfas, the FCA’s director of specialist supervision, at the FT’s Cyber Security Summit.
The FCA’s statistics tally with others that describe a sharp increase in cyber attacks. PwC has previously reported that there had been a 45 per cent increase in the volume of attacks by organised criminal gangs.
The FCA is stepping up its scrutiny of financial services’ defences against hacks beyond the large banks that have been subject to penetration testing overseen by the Bank of England, which the central bank has described as “close to mandatory”.
Large lenders have already been put on notice that if their defences are weak, they could be forced to set aside more capital to cover the additional risk.
The FCA is now turning its attention to a wider group of companies, no matter their size. All companies are obliged to inform the regulator about any known hacks and are expected to be able to identify them in a timely manner.
“The reality is that even the smallest firm holds large quantities of sensitive data which, if compromised, could then have a ripple effect to other areas of the financial sector and, indeed, businesses more broadly,” Ms Delfas said.
Cyber attack survival guide
What to expect, who to tell and how to limit the damage
She predicted that the City would have to contend with increasing ransomware attacks — where malware installed on a system, normally through a bogus email, locks out users from accessing information, holding it to ransom — forecasting that these attacks will “significantly increase” over the next few years. Such attacks rose 35 per cent last year, according to Symantec.
Ms Delfas also warned companies about outsourcing and storing data with cloud providers, warning that they “cannot outsource the associated responsibility for the risks”.