A recent Freedom of Information request to the UK’s Financial Conduct Authority (FCA) by accounting firm RSM revealed that 819 cyber incidents were reported to the FCA during 2018 – almost a 12-fold increase from the 69 cyber incidents reported to the FCA in 2017.
The data revealed that:
- 18% of reported cyber incidents targeted the wholesale and investment management sector.
- 93 cyber-attacks were reported in 2018, of which half were phishing attacks, while 20% were ransomware attacks.
- 21% of reports were triggered by third-party failure, 19% from hardware or software issues, and 18% were caused by change management.
How can your firm protect itself against cyber threats?
In a recent speech warning against inadequate cybersecurity protection, Megan Butler from the FCA stated the regulator sees “no immediate end in sight to the escalation in tech and cyber incidents affecting UK financial services.” Butler’s speech also made it clear that with respect to technology and cybersecurity risk, the FCA will take action if it sees “inappropriate responses and inappropriate protection being taken.”
Firms are operating in an environment where cyber threats and breaches are rising in both number and sophistication, resulting in an increasing focus from regulators globally. To protect against the reputational and financial risk of cyber-attacks, firms must take the following measures:
- Implement a strong regulatory cybersecurity program that includes risk assessments, vendor diligence, network testing, staff awareness training, and governance programmes.
- Continually monitor regulator guidelines and regularly assess compliance with such guidelines.
- Add cybersecurity and regulatory education for staff as a regular and continuing element in operations.
Cyber risk is no longer the sole responsibility of a firm’s IT department, but one that extends to risk and compliance teams and should be included on the board agenda. Firms must proactively improve their attack readiness to reduce cyber risk and minimise potential impacts.
How We Help
ACA Aponix can help your company reduce the risk of cyber incidents and avoid regulatory penalties. We offer the following services:
- GDPR gap analysis
- GDPR awareness training
- GDPR vendor diligence
- Cyber incident response planning
- Cybersecurity and technology risk assessments
- Phishing testing and cyber awareness
- Penetration testing and vulnerability assessments
- Policies, procedures, and governance
- Mock regulatory cyber exams
- Threat intelligence