The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

FCA Urges Greater Cyber Resilience

The number of cyber incidents financial services firms reported to the Financial Conduct Authority (FCA) soared in 2018, and the watchdog is now calling on regulated firms to develop greater cyber resilience to prevent attacks and operational resilience to recover from them.

According to data recently acquired by accountancy firm RSM under the Freedom of Information Act, cyber attacks on financial services firms increased 12-fold in 2018, with 819 incidents reported in 2018 compared to just 69 in 2017. Banks are the most vulnerable, accounting for over 50% of reports, while whole financial markets reported 115 incidents and retail investment firms accounted for 53.

Firms also reported a 187% increase in technology outages to the FCA, with 18% cyber-related and 20% specifically related to change management.

The FCA is now calling for greater IT security awareness across the financial industry, following a survey last year which found that nearly half of regulated financial services firms do not upgrade or retire old IT systems in time, while only 56% say they can measure the effectiveness of their information asset controls. Only the largest firms have automated their detection systems to spot potential cyber attacks, with smaller firms generally relying on old school, manual processes – or no processes at all. The regulator also suspects that under-reporting is still an issue, suggesting that the problem could be even more widespread.

“The current threat level is remarkable,” warns Megan Butler, Executive Director of Supervision – Investment, Wholesale and Specialists at the FCA. “Keeping this in mind, it is a major concern that a lot of firms still seem to be trying to get the basics right on cyber. A third of firms do not perform regular cyber assessments. Most know where their data is. But describe it as a challenge to maintain that picture.”

The financial services industry is currently one of the slowest to address security flaws. According to cyber security firm Veracode it takes an average 163 days to fix security defects in a financial institution, compared to (for example) just 43 days in Healthcare.

“Global financial institutions are consistently a favourite target of attackers and will continue to be until they speed up vulnerability remediation. Leaving holes in a bank’s security posture is like leaving the keys to the castle under the mat, putting highly valuable information and critical assets at risk,” warns Paul Farrington, Veracode’s EMEA Chief Technology Officer.

“Whilst our data shows the sector is in fact scanning a huge volume of applications and finding flaws that need fixing, the next frontier is achieving greater speed in fixing those flaws, because speed matters. The velocity at which organisations fix flaws they discover in their code directly mirrors the level of risk incurred by applications. The financial sector should consider all dimensions of risk to prioritise which flaws to fix first.”

Related content

WEBINAR

Upcoming Webinar: The evolution of market surveillance across sell-side and buy-side firms

Date: 21 September 2021 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Market surveillance is crucial, and in many cases a regulatory requirement, to ensuring orderly securities markets and sustaining confidence in trading. It can be breached and has become increasingly complex in the wake of the Covid pandemic, Brexit, and...

BLOG

Australia’s Identitii Launches SaaS-Based AML/CTF Platform to Reduce Regulatory Risk

Australia-based Identitii, which specialises in helping regulated entities including banks and other ‘money services’ providers manage regulatory risk, has launched a SaaS-based reporting and compliance platform aimed at addressing AML and counter-terrorist financing (CTF) reporting obligations. The cloud-based platform delivers end-to-end reporting automation and future proofs compliance by accepting any payment file format used today...

EVENT

TradingTech Summit London

TradingTech Summit London will explore how trading firms are innovating in today’s cloud and digital based environment to create flexible, scalable trading platforms to support speed to market and business agility. Leveraging the cloud, AI and ML technologies to get an edge, automate processes and simplify operations in a cost effective way is the name of the game and will share practical insight from practitioners and technology leaders who are innovating and driving forward change in trading operations.

GUIDE

Managing Valuations Data for Optimal Risk Management

The US corporate actions market has long been characterised as paper-based and manually intensive, but it seems that much progress is being made of late to tackle the lack of automation due to the introduction of four little letters: XBRL. According to a survey by the American Institute of Certified Public Accountants (AICPA) and standards...