Security Incidents Reported to FCA Surge 52% in 2021

The number of cybersecurity incidents reported to the UK’s financial regulator surged by over 50% last year after a significant increase in cyber-attacks, according to new figures from Picus Security.

The security vendor submitted Freedom of Information (FoI) requests to the Financial Conduct Authority (FCA) to compile its latest report, Cybersecurity Incidents in the UK Financial Sector.

The 52% year-on-year increase in “material” security incidents reported to the FCA seems to have been driven by cyber-attacks, which comprised nearly two-thirds (65%) of these reports.

Picus Security claimed that the rest are likely explained by “system and process failures and employee errors.”

In addition, a third of incident reports were about corporate or personal data breaches, and a fifth involved ransomware.

Picus Security explained that to qualify as a material incident, there needs to have been a significant loss of data, operational IT outages, unauthorized IT access, and/or an impact on a large number of customers.

The FCA fielded a total of 116 such reports in 2021, up from 76 in 2020 and 106 in 2019.

Picus Security co-founder, Suleyman Ozarslan, argued that while financial services firms are among the best prepared to detect and respond to cyber-threats, there’s always room to improve.

“Defending financial institutions against all the threats they face remains a tough challenge, made even harder by the growing attack surface,” he added.

“Only by validating security capabilities on a continuous basis can firms hope to measure their threat readiness more accurately and swiftly close the gaps needed to take their operational resilience to the next level.”

Interestingly, the most significant number of material security incidents in 2021 were submitted in March, the same month that it emerged multiple threat groups were exploiting four zero-day Microsoft Exchange Server bugs, known as ProxyLogon.

Leave a Reply