New data obtained by RSM under a freedom of information request has revealed that financial services firms reported 819 cyber incidents to the Financial Conduct Authority (FCA) in 2018, a huge rise on the 69 incidents reported in 2017.
The retail banks were responsible for the highest number of reports (486), almost 60% of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.
Fig1: The number of cyber incidents reported to the FCA by regulated firms in 2018 broken down by the sector the incident impacted (source FCA):
| Impacted sector | 2018 | % of incidents |
| Retail banking | 486 | 59% |
| Wholesale financial markets | 115 | 14% |
| Retail investments | 53 | 6% |
| Retail lending | 52 | 6% |
| General insurance and protection | 49 | 6% |
| Pensions and retirement income | 35 | 4% |
| Investment management | 29 | 4% |
| Total | 819 | 100% |
The root causes for the incidents were attributed to third party failure (21% of reports), hardware/software issues (19%) and change management (18%).
The FCA has recently warned of a significant rise in outages and cyber-attacks affecting financial services firms. It has also called on regulated firms to develop greater cyber resilience…
