The number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased 480% in 2018, to 145 up from just 25 in 2017*, shows research from RPC, the City-headquartered law firm.
The retail banking sector saw the largest percentage increase in the number of data breach reports, rising to 25 in 2018 from only one in 2017. This could raise concerns about the increasing number of cyber criminals targeting bank accounts. Tesco Bank was fined £16.4m by the FCA in October 2018 as a result of a cyber-attack that led to £2.26m being taken from personal current accounts**.
RPC says that wholesale financial markets firms, such as investment banks, reported the most data breaches to the FCA in 2018, reporting 34 times, up from just three in 2017.
Cyber criminals could be targeting investment banks in the belief that their security systems are less sophisticated than retail banks. Confidential data held by investment banks on areas such as M&A can be used for insider trading. In the US the SEC is pursuing a number of insider dealing cases that relate to cyber breaches.
Other sectors within financial services that saw large increases in data breach reports include:
- Insurers – 33 in 2018, up from seven in 2017
- Consumer retail lending – 21 in 2018, up from four in 2017
- Retail investments – 11 in 2018, up from none in 2017 (see below for full breakdown)
RPC explains that while the data suggests that financial services businesses are suffering an increasing number of cyber-attacks, these businesses are also perhaps getting better at identifying and reporting those attacks.
June 2018, the first month after the introduction of the General Data Protection Regulation (GDPR), saw the highest monthly total of data breach reports, with 20 data breaches reported by financial services firms.
Richard Breavington, Partner at RPC and Head of their Cyber Insurance and Breach Response team, says: “Banks remain a top target for cyber criminals. The figures suggest that the banks are suffering data breaches on a frequent basis.” “The increase in reports, however, does show that the financial services industry is now taking cyber security more seriously than ever. The financial and reputational fallout from a data breach can be serious for a business of any size. They must be ready to defend against – and respond to – breaches as efficiently as possible.”
RPC says that insurance against data breaches is one of the fastest growing areas of the insurance industry. Data breach services such as RPC’s ReSecure can help to protect the data and reputation of companies, if they become the victim of a hack.
ReSecure provides companies with access to data breach management, technical forensic investigation, legal advice, notification, web and credit monitoring and public relations services.
Reports of data breaches by financial services companies made to the FCA have risen six-fold in the last year
Sectors such as retail banking and wholesale financial markets saw a dramatic rise in data breach reports made to the FCA last year
* FCA data, year-end December 31 2018