December 6, 2017 | updated 12 Jul 2022 4:17am

UK banks keep FCA in the dark about cyberattacks

The approach of GDPR should remind all organisations that cyberattacks must be reported as soon as they are discovered.

By Tom Ball

The FCA has expressed the belief that UK banks are not alerting it to all successful cyberattacks, even though the financial services industry is known to be among the most relentlessly bombarded.

The regulator has warned that all cyberattacks must be reported, and there has been a significant increase in reports in recent years: 49 reports were made to the FCA in 2016, dwarfing the five reports from 2014.

Reports are not up solely because of heightened honesty; attack volumes have soared across the board in the past year and the year before. The FCA has said that ransomware plays a key role in this, accounting for 17 per cent of the reported attacks.

In a speech, Megan Butler, the Financial Conduct Authority’s director of supervision, said: “Our suspicion is that there’s currently a material under-reporting of successful cyber attacks… The number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry… And I want to make it very clear – especially post-Uber and Equifax – that we expect you to tell us about cyber breaches at your firms as soon as you are aware something is wrong.”

The importance of reporting all cyberattacks in a timely fashion is set to grow exponentially with the arrival of GDPR; the General Data Protection Regulation issued by the EU is set to come into effect in less than 170 days.


Failure to achieve GDPR compliance could result in a crippling fine, and one of the prime requirements for compliance is that organisations quickly bring all successful cyberattacks to the attention of the public.

Throughout 2017, major data breaches have grabbed headlines globally, further increasing awareness and applying pressure to large organisations to get to grips with security. Banks in particular should be focussed on achieving rigid security, with another EU directive, PSD2, also pushing banks to bolster security.
