The number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased by 480% in 2018, to 145 up from just 25 in 2017, according to research from RPC, the City-headquartered law firm.
The retail banking sector saw the largest percentage increase in the number of data breach reports, rising to 25 in 2018 from only one in 2017. This could raise concerns about the increasing number of cyber criminals targeting bank accounts. Tesco Bank was fined £16.4m by the FCA in October 2018 as a result of a cyber-attack that led to £2.26m being taken from personal current accounts.
RPC said that wholesale financial markets firms, such as investment banks, reported the most data breaches to the FCA in 2018, reporting 34 times, up from just three in 2017.
Cyber criminals could be targeting investment banks in the belief that their security systems are less sophisticated than retail banks. Confidential data held by investment banks on areas such as M&A can be used for insider trading. In the US the SEC is pursuing a number of insider dealing cases that relate to cyber breaches.
Other sectors within financial services that saw large increases in data breach reports include:
- Insurers – 33 in 2018, up from seven in 2017;
- Consumer retail lending – 21 in 2018, up from four in 2017;
- Retail investments – 11 in 2018, up from none in 2017 (see below for full breakdown).
RPC said that while the data suggests that financial services businesses are suffering an increasing number of cyber-attacks, these businesses are also perhaps getting better at identifying and reporting those attacks.
June 2018, the first month after the introduction of the General Data Protection Regulation (GDPR), saw the highest monthly total of data breach reports, with 20 data breaches reported by financial services firms.
Richard Breavington, partner at RPC and head of its cyber insurance and breach response team, said: “Banks remain a top target for cyber criminals. The figures suggest that the banks are suffering data breaches on a frequent basis.
“The increase in reports, however, does show that the financial services industry is now taking cyber security more seriously than ever. The financial and reputational fallout from a data breach can be serious for a business of any size. They must be ready to defend against – and respond to – breaches as efficiently as possible.”