Regulatory Cyber Alert: Cyber Incidents Reported to the FCA by UK Financial Services Firms Increased by 1,087% in 2018

July 12, 2019 by ACA Aponix


A recent Freedom of Information request to the UK’s Financial Conduct Authority (FCA) by accounting firm RSM revealed that 819 cyber incidents were reported to the FCA during 2018 – almost a 12-fold increase from the 69 cyber incidents reported to the FCA in 2017.

The data revealed that:

  • 18% of reported cyber incidents targeted the wholesale and investment management sector.
  • 93 cyber-attacks were reported in 2018, of which half were phishing attacks, while 20% were ransomware attacks.
  • 21% of reports were triggered by third-party failure, 19% from hardware or software issues, and 18% were caused by change management.

How can your firm protect itself against cyber threats?

In a recent speech warning against inadequate cybersecurity protection, Megan Butler from the FCA stated the regulator sees “no immediate end in sight to the escalation in tech and cyber incidents affecting UK financial services.” Butler’s speech also made it clear that with respect to technology and cybersecurity risk, the FCA will take action if it sees “inappropriate responses and inappropriate protection being taken.”

Firms are operating in an environment where cyber threats and breaches are rising in both number and sophistication, resulting in an increasing focus from regulators globally. To protect against the reputational and financial risk of cyber-attacks, firms must take the following measures:

  • Implement a strong regulatory cybersecurity program that includes risk assessments, vendor diligence, network testing, staff awareness training, and governance programming.
  • Continually monitor regulator guidelines and regularly assess compliance with such guidelines.
  • Add cybersecurity and regulatory education for staff as a regular and continuing element in operations.

Cyber risk is no longer the sole responsibility of a firm’s IT department, but one that extends to risk and compliance teams and should be included on the board agenda. Firms must proactively improve their attack readiness to reduce cyber risk and minimise potential impacts.

How We Help

ACA Aponix can help your company reduce the risk of cyber incidents and avoid regulatory penalties. We offer the following services:

For More Information

If you have any questions or would like more information about ACA's solutions and services, please contact Kassie Kanning, your ACA consultant, or email info@acaaponix.com.