You are here: Home - News -

FCA stats reveal rise of data hacking in financial services

  • 21/02/2018
  • 0
FCA stats reveal rise of data hacking in financial services
Reported incidents of cyber attacks against financial services firms rose 80% from 38 in 2016 to 69 in 2017, with hacking resulting in loss of data increasing fourfold from four to 17 over the same period.


The retail banking sector suffered the highest number of reported attacks over 2017 with 17 different incidents, which was followed closely by retail lenders and investment management firms with each reporting 16 attacks, according to the Financial Conduct Authority (FCA).

The statistics were revealed in a freedom of information (FoI) response to consulting firm RSM.

In addition to the quadrupling of data hacks, the stats also showed that cases of malware infection which led to financial loss jumped from just one in 2016 to four last year.

Steve Snaith, technology risk assurance partner at RSM, said: “We have previously raised concerns that there is likely to be significant under-reporting of cyber attacks by regulated financial services firms. Nevertheless, these new numbers do reveal some important trends.”


Cyber incidents reported to the FCA during 2015, 2016, and 2017 by regulated firms.

Type of attack  2015  2016  2017 
Denial of Service 20 18 16
Hacking – Loss of Data 0 4 17
Ransomware 0 4 8
Cyber 0 0 10
Hacking – Service Disruption 2 3 4
Phishing/ Smishing / Vishing 0 1 5
MalWare – Financial Loss 1 1 4
Unathorised access – CMA 0 2 1
Phishing/ Smishing 0 3 0
Third Party Failure 0 1 1
Data Leakage 0 0 2
Social Engineering – Financial Loss 1 0 1
Fraud 0 1 0
Grand Total 24 38 69


Sector 2015   2016   2017 
Retail banking and payments 9 23 17
Retail lending 1 2 16
General insurance and protection 1 1 11
Pensions and retirement income 2 1 2
Retail investments 0 1 1
Investment management 4 3 16
Wholesale financial markets 7 7 6


Source: FCA (Note: the FCA logs attack campaigns which may involve a series of incidents attributable to the same actor with the same motivation as a single incident.)


Snaith continued: “The jump in incidents of data loss resulting from hacking attacks should be particularly concerning to the financial services sector, given we are just months away from the new GDPR regime coming into force.

“GDPR should be one of the most pressing issues for the sector and regulated companies should heed the FCA’s recent warning that firms must improve their cyber resilience.

“Cyber-attacks are becoming increasingly sophisticated and are constantly evolving and adapting. One of the biggest challenges is trying to ensure that defensive controls keep up,” he added.

There are 0 Comment(s)

Comments are closed.

You may also be interested in