Massive rise in cyber attacks on finance firms

Financial services firms reported a more than a threefold increase in cyber security breaches to the Information Commissioners Office this year.

Some 640 were reported during the year to June, up from the 187 from the same period in 2022, according to research from international law firm RPC.

The pensions sector saw the biggest rise, from six to 246. RPC said that they are a target for hackers “as they hold a huge amount of valuable, sensitive and financial data”.

Achi Lewis

Achi Lewis: ‘If, not when’

Caleb Mills, Professional Services Director at Doherty Associates said the findings serve as a stark reminder of the ever-escalating threats facing the financial services industry.

“The notable increase in reported cyber incidents could be interpreted as a positive sign.” He added. “It might indicate that more firms are aware of cybersecurity issues and are actively reporting incidents.

“This would reflect a heightened awareness of the importance of cybersecurity within financial firms. This proactive approach is a significant step toward enhancing overall cybersecurity posture and mitigating potential risks effectively.

“With financial institutions safeguarding vast repositories of highly sensitive financial and personal data, they remain prime targets for malicious actors. It’s clear that no firm, regardless of its size, can afford to underestimate the importance of cyber defences.

“A holistic approach to cybersecurity is imperative, demanding constant monitoring and timely updates across every link in the supply chain.

Cyber resiliency has never been more pressing. This means not only having robust preventive measures in place, but also a proactive response mechanism

“The consequences of failing to maintain a robust security posture are profound; they extend beyond financial implications to lasting reputational damage should a financial services business fall victim to a data breach. The stakes are high, and the need for vigilance has never been more evident.”

Achi Lewis, Area VP EMEA for Absolute Software, said: “For many sectors now, it is no longer a question of if, but when an attack will occur. The financial sector is a crucial element within our global economy, handling vast amounts of sensitive data and financial transactions daily, making it a prime target for bad actors.

Rob Otto

Rob Otto: vigilance needed

“As such, cyber resiliency has never been more pressing. This means not only having robust preventive measures in place, but also a proactive response mechanism that can swiftly adapt and recover in the face of an attack.

“Self-healing technology can empower financial institutions to automatically detect and repair damaged applications and devices, effectively preventing re-infection and reducing downtime.”

Rob Otto Field CTO and Principal Solutions Architect at Ping Identity described the rise as a “staggering uptick” that shows that as much as we assume that financial institutions have airtight security protocols, hackers are anything but deterred.

“To protect both their operations and their clients, enterprises must become more vigilant and proactive by adopting identity security measures like multi-factor authentication (MFA). This helps ensure that even if a hacker acquires or guesses a password, users’ funds are better protected because access requires an additional layer of authentication, and therefore security.

Caleb Mills

Caleb Mills: rising threat

“In a world where people are increasingly demanding seamless online experiences, the future of payment security should in fact shift towards fully passwordless solutions that use biometrics and device identifiers to simplify the identity verification process while also making it more secure.”

Richard Breavington, Partner and Head of Cyber and Tech Insurance at RPC said the data highlights how financial services are increasingly experiencing targeted cyber attacks. For pension schemes particularly, trustees can be liable for failure to manage cyber risk appropriately.

“Cybersecurity is fundamental to pension scheme trustees’ legal duties,” he said.

“The assumption might sometimes be that major financial services businesses have robust cyber defenses so that they are impervious – that certainly hasn’t stopped hackers continuing to try.”


Cybersecurity: Why FDs need to lead the fightback

The CFO and cybersecuity: staying resilient in the age of digital

Five thing you need to do if your company is hacked