New data obtained by accountancy firm RSM under a freedom of information request has revealed that financial services firms reported 819 cyber incidents to the Financial Conduct Authority in 2018, a huge rise on the 69 incidents reported in 2017.
The root causes of the incidents were attributed to third-party failure (21% of reports), hardware/software issues (19%) and change management (18%).
According to the data, there were 93 cyber-attacks reported in 2018. Over half of these were phishing attacks, while 20% were ransomware attacks.
Steve Snaith, a technology risk assurance partner at RSM, believes the upsurge reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements. Banks had previously rebutted claims that they were under-reporting security breaches for fear of spooking customers.
"Interestingly, a high proportion of cyber events were linked to change management, highlighting the risk of changes to IT environments not being managed effectively, leading to consequent loss," he says. "The requirements for Privacy Impact Assessments as a formal requirement of GDPR/DPA2018 should hopefully drive a greater level of governance in this area."