UK Financial Regulator Fires Cyber-Security Warning

Tom Burroughes, Group Editor, 29 November 2018

The UK financial sector is still too complacent about cyber-security threats, the FCA has warned.

The financial services sector remains under great threat from cyber-criminals, and it is worrying that many firms appear overly confident that they can manage technology changes and stay ahead of the game, a senior UK regulator has warned.

The Financial Conduct Authority says that its data shows there will be no let-up in the volume and severity of cyber-crime threats, and that banks and other financial services are in the firing line.

Until October this year, firms reported a 138 per cent increase in technology outages to the FCA, with 18 per cent of all the incidents reported being cyber-related.

“The cast list of organisations hit by big data leaks is long and growing: Cathay Pacific, JP Morgan, British Airways, Yahoo, My Heritage, Facebook, eBay, Uber and Equifax among them,” Megan Butler, executive director of supervision – investment, wholesale and specialists, said in a speech this week.

“You’ll notice that financial services aren’t over represented in that group. And our analysis today suggests this isn’t just luck. Areas like retail banking, payments, and pensions and retirement income, in particular, describe themselves in our report as having effective cyber controls. But it is important to say that we are seeing some serious vulnerabilities across areas like identification of key assets, information and detection,” Butler continued.

She said that the rise in incidents reported to the FCA does not present a one-dimensional picture of a surge in cyber-attacks and outages. Firms are reporting incidents more robustly, she said, although under-reporting remains a problem.

“We are worried that a lot of firms seem overly confident about their ability to manage flagship IT change programmes and keep their systems up to date. Both large and smaller businesses described it as a strength in our questionnaire. Yet this is a level of confidence that simply isn’t supported by the data we’ve collected on the ground,” she continued.

Butler said that 20 per cent of the reported incidents over the last 12 months were explicitly linked to weaknesses in change management.

“There are two possible explanations for this. The first is that people are ignoring dangerous or negative information. Behavioural scientists might describe this as an ‘Ostrich bias’. The second is that leaders don’t appreciate the level of risk, or else they overestimate their abilities. An overconfidence bias. And this overconfidence bias does seem to be particularly characteristic in financial services,” she said.

The cyber-threats are changing employment patterns in finance, Butler noted. “Historically, and for most of my career in this industry, the rock stars of finance were always the alpha traders. Today, it’s the chief information officers and IT consultants who are in high demand and short supply. Meaning the best are difficult to employ and hard to retain. A challenge reflected by the fact that all the wholesale banks and asset managers we met after this survey said they were concerned about a shortage of cyber expertise,” she added.
