Finance industry revealed as the second least cyber-secure in the UK

Financial services firms are an increasingly attractive target for cybercriminals. In 2022, according to  IFA Magazine, the finance industry had 305,785 new security breaches, the second highest level in the UK. While the sector is aware of its risks and prioritises security accordingly, preventing and detecting attacks are challenging due to evolving and sophisticated cybercrime techniques.

Maintaining stability is the cornerstone of ensuring economic security for the United Kingdom. Organisations such as banks, building societies, insurance companies, and other companies providing infrastructure for the financial market are essential components of this economic sector. The government, the Bank of England, and key organisations, such as the Financial Conduct Authority (FCA), work together to protect against damage to this ecosystem.

50%+ increase in cyber incidents reported

In the last 12 months, the finance and insurance industry has suffered a 50%+ increase in the total number of cyber incidents reported to the FCA. These financial businesses are attractive targets and frequently experience Advanced Persistent Threat attacks or attempts to exploit ransomware such as Lazarus and Conti.

Within the last two years, many organisations in this sector faced significant impacts created by a record number of critical vulnerabilities, such as those in Microsoft Exchange Server and Log4j.  Most cyber incidents reported in 2021 were due to cyber attacks, resulting in significant ramifications such as the compromise or breach of company or personal data and 20% of incidents involved ransomware.

Controls in place to mitigate cyber attacks

Together with the Bank of England, regulators and government departments focus on preventing and mitigating large-scale cyber attacks on this sector.

However, despite being worth over £9 billion, with over 50,000 people now employed across the cybersecurity industry, the IT industry is still the least cyber-secure in the UK, having experienced 320,060 data breaches in 2022. (Source: IFA Magazine).

Increasing levels of security breaches

Digital transformation and the widespread adoption of remote working have created a wider attack surface and new security vulnerabilities. Suppose these gaps are not prevented, swiftly identified, or mitigated after detection. In that case, they can increase the risk of attack and the likelihood of incidents resulting in significant damage and disruption.

Cybersecurity & Third-Party Risk

The Bank of England’s bi-annual risk survey polled 65 executives in the UK financial sector. It showed that 74% of respondents believed that a cyber attack is the highest present risk to the financial industry, followed closely by inflation or a geo-political incident. Three-quarters are concerned that the probability of a high-impact cyber attack taking place before 2024 is high, an increase of 26% from the first half of 2022.

Sharp rise in reported cyber incidents

According to the UK Government’s Cybersecurity Breaches Survey of 2022, 39% of UK businesses experienced a cyber attack in 2022, with each episode costing them an average of £4,200 in loss of data or real value. Adapting company processes is vital in preventing a high-impact attack. It can help protect valuable customer data and commercial intellectual property and strengthen company systems and methodologies to reassure customers and investors.

Worse still, failing to protect data can open the door to significant financial penalties. In the event of a significant data breach, the Information Commissioner’s Office (ICO) has the authority to levy fines of up to £175 million, equivalent to 4% of the company’s annual revenue worldwide. The Cybersecurity Breaches Survey found that just over half (54%) of businesses had actively identified cybersecurity risks in the previous 12 months. Despite this, only 17% of all organisations in the UK had provided any kind of cybersecurity training for their employees.

How to improve cyber operational resilience

With more companies managing a remote workforce, cyber threats are an ever-complex risk. Remotely bridging laptops, tablets, mobile phones, and other wireless devices to corporate computer networks creates unexpected security vulnerabilities in cybersecurity and Cloud.

Thrive is an expert in working with clients across the financial services industry and offers a unique blend of managed services and consulting to ensure cyber security, compliance and performance.

With an extensive portfolio of cybersecurity services, Thrive offers experience, resources, and the expertise to create a cybersecurity plan that protects vital and sensitive data, SaaS applications, security programs, computer systems, end users, personal information and critical infrastructure from unauthorised access.

Contact Thrive today to learn how we can help your business stay secure in today’s digital age.