The UK’s Financial Conduct Authority (FCA) has recorded 819 cyber-crime incidents in 2018, a ten-fold increase from a reported 69 incidents in 2017.
Unsurprisingly, retail banks are at the top of the incident list with a total of 486, followed by wholesale financial markets (115) and retail investments (53). Third-party failure caused 21% of the incidents reported, with hardware or software issues the root of 19% of cases.
In its report titled “Cyber security – industry insights”, published in March 2019, the FCA urged companies to have a deep understanding of their supply chain. “Understand the connectivity between and dependency on partners. Adopting the view that you only need to be concerned with suppliers limits the ability to think wider about third party risk,” the report said.
Data breaches at companies such as Best Buy, Sears, Kmart And Delta in 2018 were executed through vulnerabilities within a third-party chat app.
Most incidents happen because someone makes a mistake, not because someone is mounting a targeted cyber-attack, pointed out Anna Russell, VP at comforte AG. “More than 40% of the incidents are caused by factors that are outside the control of the impacted organisation. Based on these numbers, it is obvious that organisations need to implement new ways to protect their data as traditional perimeter defence is not sufficient anymore,” she told SC Media UK.
However, boosting the defence budget is no guarantee for a reduction in cyber-crime in the sector, according a to a report on cyber-crime by sector body UK Finance. “It isn’t simply a question of spending more money on more robust security systems: banks alone spent £281 billion on IT in 2016, and financial services firms already spend three times the amount that non-financial organisations do on cyber- security,” said the report titled: “Staying ahead of cyber crime”.