"Despite investing heavily in security and data protection, it’s clear that many continue to experience challenges in these areas."
The report, based on FCA data obtained via a Freedom of Information (FOI) request, reveals that the FCA received 116 reports of material cyber security incidents in 2021, up from 76 in 2020.
21 cyber incidents were reported to the FCA in March 2021 – the most submitted in any month that year and coinciding with the disclosure of critical vulnerabilities in Microsoft Exchange Server.
65% of incidents reported in 2021 were due to cyber-attacks, and approximately one third included notifications that the confidentiality of company or personal data may have been compromised or breached.
One in five incidents reported to the FCA in 2021 involved ransomware.
Dr Suleyman Ozarslan, co-founder of Picus Security, said: “Financial services firms are amongst the best prepared and most highly capable organisations at detecting and responding to cyber incidents. Yet, despite investing heavily in security and data protection, it’s clear that many continue to experience challenges in these areas.
“The large rise in cyber incidents reported to the FCA in 2021 is a concerning trend and should serve as an important reminder to all firms about the need to make ongoing improvements in all areas of security. This is necessary to not only mitigate the risks posed by external threats but also those which arise due to IT failures and human error.
“Defending financial institutions against all the threats they face remains a tough challenge, made even harder by the growing attack surface. Only by validating security capabilities on a continuous basis can firms hope to measure their threat readiness more accurately and swiftly close the gaps needed to take their operational resilience to the next level.”