Finance industry revealed as the second least cyber-secure in the UK

Financial services firms are an increasingly attractive target for cybercriminals. In 2022, according to  IFA Magazine, the finance industry had 305,785 new security breaches, the second highest level in the UK. While the sector is aware of its risks and prioritises security accordingly, preventing and detecting attacks are challenging due to evolving and sophisticated cybercrime techniques.

Maintaining stability is the cornerstone of ensuring economic security for the United Kingdom. Organisations such as banks, building societies, insurance companies, and other companies providing infrastructure for the financial market are essential components of this economic sector. The government, the Bank of England, and key organisations, such as the Financial Conduct Authority (FCA), work together to protect against damage to this ecosystem.

50%+ increase in cyber incidents reported

In the last 12 months, the finance and insurance industry has suffered a 50%+ increase in the total number of cyber incidents reported to the FCA. These financial businesses are attractive targets and frequently experience Advanced Persistent Threat attacks or attempts to exploit ransomware such as Lazarus and Conti.

Within the last two years, many organisations in this sector faced significant impacts created by a record number of critical vulnerabilities, such as those in Microsoft Exchange Server and Log4j.  Most cyber incidents reported in 2021 were due to cyber attacks, resulting in significant ramifications such as the compromise or breach of company or personal data and 20% of incidents involved ransomware.

Controls in place to mitigate cyber attacks

Together with the Bank of England, regulators and government departments focus on preventing and mitigating large-scale cyber attacks on this sector.

However, despite being worth over £9 billion, with over 50,000 people now employed across the cybersecurity industry, the IT industry is still the least cyber-secure in the UK, having experienced 320,060 data breaches in 2022. (Source: IFA Magazine).

Increasing levels of security breaches

Digital transformation and the widespread adoption of remote working have created a wider attack surface and new security vulnerabilities. Suppose these gaps are not prevented, swiftly identified, or mitigated after detection. In that case, they can increase the risk of attack and the likelihood of incidents resulting in significant damage and disruption.

Cybersecurity & Third-Party Risk

The Bank of England’s bi-annual risk survey polled 65 executives in the UK financial sector. It showed that 74% of respondents believed that a cyber attack is the highest present risk to the financial industry, followed closely by inflation or a geo-political incident. Three-quarters are concerned that the probability of a high-impact cyber attack taking place before 2024 is high, an increase of 26% from the first half of 2022.

Sharp rise in reported cyber incidents

According to the UK Government’s Cybersecurity Breaches Survey of 2022, 39% of UK businesses experienced a cyber attack in 2022, with each episode costing them an average of £4,200 in loss of data or real value. Adapting company processes is vital in preventing a high-impact attack. It can help protect valuable customer data and commercial intellectual property and strengthen company systems and methodologies to reassure customers and investors.

Worse still, failing to protect data can open the door to significant financial penalties. In the event of a significant data breach, the Information Commissioner’s Office (ICO) has the authority to levy fines of up to £175 million, equivalent to 4% of the company’s annual revenue worldwide. The Cybersecurity Breaches Survey found that just over half (54%) of businesses had actively identified cybersecurity risks in the previous 12 months. Despite this, only 17% of all organisations in the UK had provided any kind of cybersecurity training for their employees.

How to improve cyber operational resilience

With more companies managing a remote workforce, cyber threats are an ever-complex risk. Remotely bridging laptops, tablets, mobile phones, and other wireless devices to corporate computer networks creates unexpected security vulnerabilities in cybersecurity and Cloud.

Thrive is an expert in working with clients across the financial services industry and offers a unique blend of managed services and consulting to ensure cyber security, compliance and performance.

With an extensive portfolio of cybersecurity services, Thrive offers experience, resources, and the expertise to create a cybersecurity plan that protects vital and sensitive data, SaaS applications, security programs, computer systems, end users, personal information and critical infrastructure from unauthorised access.


Contact Thrive today to learn how we can help your business stay secure in today’s digital age.

How to Apply the New National Cyber Security Centre (NCSC) Toolkit to Your Business

The UK’s top cybersecurity specialists urge business executives to take a more active role in boosting their organisation’s cybersecurity as online threats continue to skyrocket.

The National Cyber Security Centre, part of GCHQ, has released new resources as part of its Cybersecurity Board Toolkit to help businesses become more secure.

This updated Board Toolkit is designed to assist board members and senior leaders across medium and large organisations to be more confident in discussing cybersecurity with key stakeholders.

While most board members do not have to be cybersecurity experts, they should know enough to discuss issues with critical personnel. The Board Toolkit helps members better understand the organisation’s cyber risk profile.

Here is a closer look at the refreshed recommendations and how working with cybersecurity experts can help your business and board members successfully govern online risk.

Create the Right Environment

Embedding Cybersecurity into Your Organisation: Cybersecurity goes beyond having “good IT” in the workplace. It should be integrated into risk management and decision-making, and all business divisions should know their cybersecurity responsibilities.

  • Thrive addresses cybersecurity gaps in your organisation by providing various expert, professional, and consultative services with an agnostic approach to identifying and prioritising risks that drive business decisions.

Developing a Positive Cybersecurity Culture: Security culture defines how employees should think about and approach security in an organisation. People, not just technology or processes, keep an organisation secure.

  • At Thrive, we provide employee training and education to help them understand the importance of cybersecurity and how to identify and prevent attacks. Building a security culture and reducing the risk of human error are now more essential than ever.

Growing Cybersecurity Expertise: Senior management should invest in staff, hire outside experts, and build a talent pipeline with specialised cybersecurity knowledge.


Get the Right Information to Support Decision Making

Identifying Critical Assets in Your Organisation: Risk management requires understanding how technical assets support business goals. The board must convey critical objectives to technical experts.

  • At Thrive, our cybersecurity services begin with comprehensive risk assessments to help businesses understand their unique vulnerabilities and develop a bespoke plan to protect them.

Understanding the Cybersecurity threat: Prioritising threats is necessary to avoid ineffectively defending against everything. It is essential to keep current, identify threats, and undertake threat assessments routinely.

  • With multi-layered end-user protection, Thrive protects your organisation in real-time to identify attacks and mitigate breaches. We provide holistic security solutions for your organisation to protect sensitive data in the Cloud and at all end-user access points.

Risk Management for Cybersecurity: Cybersecurity risk should be included in your overall risk management strategy rather than treated as a single topic (or as only an IT risk).


Take Steps to Manage Those Risks

Implementing Effective Cybersecurity Measures: Basic cybersecurity measures can limit cyber assaults and their reputational, financial, and legal effects. However, you must also customise your defences to your organisation’s top threats.

  • Thrive offers 24x7x365 monitoring and detection with top-of-the-line technology, ensuring that businesses are always protected.

Collaborating with Your Supply Chain and Partners: Building a clear picture of your suppliers (and working with them to establish their sub-contractors) is critical to gaining assurance that threats from the supply chain are understood and risks mitigated.

  • As a business, you need the best cybersecurity resources, trusted external partners, and the latest technology platforms that help to discover operational security gaps. Thrive helps develop a comprehensive action plan to remedy and mitigate threats.

Planning Your Response to Cyber Incidents: Cybersecurity events can cost an organisation money, productivity, reputation, and customers. Being prepared to recognise and promptly respond to problems can prevent the attacker from doing further harm and limit the financial and operational impact.

  • Besides data and revenue loss, your business could lose customer trust and have a tarnished brand reputation. Thrive’s disaster recovery services have helped companies recover quickly and minimise downtime.


Contact Thrive today to learn how we can help your business stay secure in today’s digital age.

Thrive’s Acquisitive MSP Strategy Jelling With Custard Technical Buy

‘It’s the wild, wild West in terms of managed services and managed security services,’ says CEO Rob Stephenson after his firm’s acquisition of U.K. firm Custard Technical Services.