New data released by RSM has revealed a massive jump in reported cyber incidents amongst financial services firms: an increase of over 1,000%, from just 69 incidents reported in 2017 to 819 incidents reported in 2018.
These shocking numbers were released by RSM just over a week ago, after it obtained them from the Financial Conduct Authority under a freedom of information request. On top of the big headline statistic, RSM also released some insights into how this affected various sectors within the financial services industry, and the different types of incidents that were included in the reports.
The highest number of reports (486) was submitted by retail banks, making up almost 60% of the total, followed by wholesale financial markets with 115 reports and retail investment firms with 53 reports. Many experts have claimed that the general increase in reports is due to the introduction of GDPR, which made it mandatory for organisations to report all cyber incidents and introduced penalties for those who don't. Others believe that this alone is not enough to affect one specific industry to such an extent, and that increased targeting of the financial services sector must also be to blame.
The retail banking sector, highlighted as submitting the most reports, seems to support this belief: seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank, were forced to reduce operations and shut down systems following a DDoS attack last April, a clear example of this precise targeting of financial businesses.
After further analysis of the numbers, three root causes for the incidents were identified: third-party failure with 21% of reports, hardware/software issues with 19%, and change management with 18%. Third-party failure commonly refers to an incident in which a supplier company with access to your data or systems experiences a data breach or application vulnerability, often resulting in a high or moderate business impact for its professional customers, such as impaired customer service, material financial loss, reputational damage, or a regulatory breach.
On top of these figures for general reported incidents, RSM also delved into the topic of direct cyber-attacks on businesses, which fell just below the previously mentioned 'root causes', making up 11% of incidents with 93 reports through 2018. Of these reported attacks, over half were initiated through phishing or credential stuffing, followed by ransomware with 20%.
Strengthening Financial Services
It's clear from the numbers above that the financial sector is a significant target for cyber-criminals due to its access to money and financial data like credit card numbers - and that firms are seemingly not taking measures to effectively protect their data or endpoints from malicious activity or mistakes. Below we have listed our suggested solutions for achieving complete protection in these areas - including backing up vital data, encrypting online communications, combating advanced targeted attacks and training users to identify security threats for themselves.
Barracuda's Total Email Protection stack combines 3 levels of email security with Forensics and Incident Response - a secure email gateway with Essentials, AI-powered inbox defence with Sentinel, and user awareness training & simulation with PhishLine.
Combined, these offer users the ability to backup & archive Office 365 data; block inbound spam & malware; detect signs of social engineering, account takeover & fraud; and identify & develop high-risk employees through simulated attacks and training courses.
For more information on how these solutions work as a combined service, download the Solution Brief here: