Financial services firms an increasing target for cyber criminals

A leading law firm has said the UK financial services sector continues to reel under the ongoing onslaught of cyber-attacks on its systems.

Releasing its research today, RPC said UK financial services firms reported 640 cybersecurity breaches to the Information Commissioner's Office (ICO) in the year to June 30, 2023. The figure is a 300 percent increase on the 187 cybersecurity breaches in the previous period and should act as a wake-up call to financial services companies to address their cyber security.

The pensions sector reported the biggest rise in cybersecurity breaches to the ICO, increasing from six in 2021/22 to 246 in 2022/23.

Hackers target pension schemes as they hold a huge amount of valuable, sensitive, financial data and it’s important that schemes can pay pensioners without disruption, making them potentially vulnerable to ransom demands, RPC explained.

Richard Breavington, partner and head of Cyber and Tech Insurance at RPC, said the data highlights how financial services are increasingly experiencing targeted cyber-attacks. For pension schemes particularly, trustees can be liable for failure to manage cyber risk appropriately.

As per the Pensions Regulator’s cybersecurity guidance, trustees remain accountable for the security of scheme information and assets even when day-to-day functions are outsourced. “Cybersecurity is fundamental to pension scheme trustees’ legal duties,” added Breavington. “It’s a cause for concern that so many financial services firms, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach.

“The assumption might sometimes be that major financial services businesses have robust cyber defences so that they are impervious – that certainly hasn’t stopped hackers continuing to try.”

RPC advised that any business looking to protect itself from the impact of a cyber-attack should invest in understanding its cyber footprint and the risks it poses, and have the right policies/procedures in place.

“On top of this, organisations should consider cyber insurance to provide coverage for losses resulting from a cyber incident, as well as access to legal, technical forensic and PR support,” it added.