UK banks still aren’t telling regulators about all the cyberattacks on the financial services industry despite a ten-fold increase in reports to the Financial Conduct Authority over the last four years.
“Our suspicion is that there’s currently a material under-reporting of successful cyber attacks,” Megan Butler, the FCA’s director of supervision, said in a speech Tuesday, according to a copy of her remarks on the regulator’s website. “The number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry.”
The number of material attacks reported by firms to the FCA has grown to 49 this year from five in 2014, as hacks become one of the biggest threats to the safety of the financial services industry. The type of hacks is also increasingly concerning for regulators and firms with ransomware making up 17% of attacks reported to the regulator, according to Butler.
The FCA opened an investigation in October into the hack of credit reporting company Equifax Ltd that saw personal data stolen from at least 143 million people. Outside of the FCA’s supervision, Uber Technologies Inc paid hackers US$100,000 (RM406,850) to delete data taken from 2.7 million UK customers in a 2016 security breach.
Butler emphasised the need for incidents to be reported to the regulator as they’re happening. She told the ICI global capital markets conference in London that the FCA had recently spent time with a number of US agencies looking at how they could better coordinate cyber supervision against the global threat.
One of the challenges facing firms and regulators is the growing use of cryptocurrencies such as bitcoin in cyber attacks.
Rob Wainwright, the director of Europol, said at a London conference last week that crytocurrencies were a “great enabler for ransomware” because they allow people to act anonymously. He also highlighted the problem of cyber crime and fraud divisions in banks working separately when common actors could be better pursued together. — Bloomberg