Financial sector cyber incidents increase by 1,000%

A Freedom of Information (FoI) request has revealed that cyber-incident reports from the UK finance sector increased by a whopping 1,000% in 2018. The Financial Conduct Authority figures show that the number of declared cyber incidents and attacks rose from 69 in 2017 to 819 in 2018.

Financial cyber incidents are on the rise

Hacking is now big business. And, organisations that hold financial data are a particularly lucrative target.

Worryingly, there are also signs that cybercriminals are becoming increasingly sophisticated. For example, AI-assisted imposters have become an increased threat. With machine-learning helping to make existing cyber-attack efforts like identity theft, denial-of-service attacks and password cracking faster, more formidable, and more effective.

Furthermore, as we move deeper and deeper into the Internet of Things (IoT), more and more devices and data are going to be connected to the internet. Keeping these safe from hackers is going to be an ongoing challenge.

Consumer banks accounted for nearly 60% of the data breach reports

Tax and consulting firm RSM made the FoI request. Commenting on the sharp rise in financial sector cyber incidents, a spokesperson for RSM told the BBC that:

"The web-enabled systems underpinning the financial services sector hold huge volumes of personal and financial data, which are incredibly valuable for cyber-criminals.

"One of the problems is that there are lots of freely available cyber-attack tools and knowledge that can be sourced online. There is currently no legislation that makes possessing or developing these tools illegal and this is exacerbating the problem."

Why are these cyber incidents happening?

Consumer banks accounted for nearly 60% of the data breach reports submitted last year. The most common types of cyber-incident include:

• Third-party failure
• Hardware and software issues
• Change management (attempts to switch from one system to another)
• Human error

Cyber-attacks such as DDos, malware, ransomware and phishing accounted for only about 11% of the incidents.

Cybercriminals do not cause the vast majority of cyber incidents

At Hayes Connor Solicitors, we are only too aware that the number of cyber incidents is rising.

Of course, the amount of reports has undoubtedly increased due to the GDPR. This is because GDPR puts a new obligation on organisations to report cybersecurity breaches. But this does not detract from the fact that attacks are happening on an unprecedented scale.

Commenting on the findings, Hayes Connor managing director and data protection stalwart Kingsley Hayes added his insight on this matter. He said:

"Unfortunately, the sheer scale of financial data breaches doesn't surprise me. I've been warning organisations about the level of risk they are exposed to since before GDPR.

"But, while protection against cybercriminals should now be a priority for the entire financial sector, it's vital to understand that the vast majority of data breaches are not caused by cybercriminals, but by human errors and a failure to ensure robust security processes. This situation is not acceptable, and it is contributing to a huge rise in cyber incidents. Many of which are entirely avoidable.

"It is also important to look at the sheer scale of third-party failures. Especially as a recent study has found that the number of companies suffering data breaches because of third parties is growing[1]. Shockingly, this report also revealed that the majority of companies do not monitor the security and privacy practices of vendors with whom they share sensitive or confidential information - or they are unsure if they do.

"With breaches often devastating to victims, especially when they find their financial and personal data exposed, businesses must do more to meet their data privacy responsibilities, or risk increased compensation claims."

Awareness is crucial

When it comes to data breaches, it's now urgent that businesses look at the threat from within, as well as putting measures in place to protect themselves from the bad guys.

On a positive note, there are some signs that financial businesses are getting better at identifying and reporting cyber-attacks. And, if the financial services industry is now taking cybersecurity more seriously, this is a good thing for customers.

At Hayes Connor, we believe that raising awareness of the growing cybersecurity threat will help organisations across the UK improve their data protection processes. But it's also vital that we all do our bit to protect ourselves as individuals.

How to protect yourself from a financial security incident

When it comes to protecting yourself from financial fraud, you should:

• Don't disclose security details, such as your PIN or full banking password
• Never assume an email, text or phone call is authentic
• Don't be rushed - a genuine organisation won't mind waiting. If you panic you are more likely to make a decision you'll regret
• Listen to your instincts - you know if something doesn't feel right
• Keep an eye on your bank and credit card statements to see if there is anything you don't recognise
• Make sure you read your credit card statements and other letters that come from your bank

If your identity has been stolen, you should also:

• Contact your bank/credit card provider immediately
• Consider a credit freeze until the matter is resolved
• Report the scam to the police and contact Action Fraud for advice on what to do next
• Let the credit reference agencies know of any activity that was not down to you
• Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a financial cyber incident,find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.

[1] Ponemon Institute