UK banks still aren’t telling regulators about all the cyber attacks on the financial services industry despite a ten-fold increase in reports to the Financial Conduct Authority over the last four years, writes Suzi Ring.
“Our suspicion is that there’s currently a material under-reporting of successful cyber attacks,” Megan Butler, the FCA’s director of supervision, has said. “The number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry,” she said.
The number of material attacks reported by firms to the FCA has grown to 49 this year from five in 2014, as hacks become one of the biggest threats to the safety of the financial services industry.
The type of hacks is also increasingly concerning for regulators and firms with ransomware making up 17% of attacks reported to the regulator, according to Ms Butler. The FCA opened an investigation in October into the hack of credit reporting company Equifax that saw personal data stolen from at least 143m people.
Outside of the FCA’s supervision, Uber Technologies paid hackers $100,000 (€84,770) to delete data taken from 2.7m UK customers in a 2016 security breach.
Ms Butler emphasised the need for incidents to be reported to the regulator as they’re happening. She told the ICI global capital markets conference in London that the FCA had recently spent time with a number of US agencies looking at how they could better co-ordinate cyber supervision against the global threat.
One of the challenges facing firms and regulators is the growing use of cryptocurrencies such as bitcoin in cyber attacks. Rob Wainwright, the director of Europol, said at a London conference last week that cryptocurrencies were a “great enabler for ransomware” because they allow people to act anonymously.
He also highlighted the problem of cyber crime and fraud divisions in banks working separately when common actors could be better pursued together.
The growing sophistication of technology is also a positive for banks though when it comes to crime.