UK Financial firms have been hit by cyber criminal 75 times this year, a marked increase from the five reports filed in 2014, said the FCA’s director of specialist supervision Nausicaa Delfas at a recent conference on cyber security.
This might be partly attributable to greater transparency in the financial sector: “Whilst this significant increase indicates more attacks are occurring, this may also suggest better detection and greater reporting to us on the part of firms, which we very much encourage.”
Delfas said that up until now regulators had been focusing their attention only on the the largest banks, which have been evaluated according to the Bank of England’s CBEST penetration testing programme.
Going forward, the FCA will focus financial firms that are most at risk, and not necessarily the largest. “The reality is that even the smallest firm holds large quantities of sensitive data – which if compromised could then have a ripple effect to other areas of the financial sector, and indeed businesses more broadly,” said Delfas.
The director of specialist supervision also drew attention to the recently published FCA cloud outsourcing guidelines, where the benefits of the cloud are acknowledged, but firms are ultimately responsible for any risks.
“Whilst you can outsource a service, and realise the benefits that the cloud undeniably brings, you cannot outsource the associated responsibility for the risks. These are yours to manage, whether you’re a start up or an established multi-national,” said Delfas.
