The UK Financial Conduct Authority (FCA) has published the results of a survey of 296 financial sector firms which assessed their technology and cyber resilience capabilities. The results, released in the report 'Cyber and Technology Resilience: Themes from cross-sector survey 2017 - 2018', identify areas of strength and those for improvement.
Key findings include:
- Cyber attacks show no sign of decreasing in volume. They accounted for 18 percent of the operational incidents reported to the FCA between October 2017 and September 2018.
- Technology outages in the financial services sector are becoming more frequent and publicised. The number of incidents reported to the FCA has increased by 138 percent in the past year. Some firms are still relying on ageing IT systems.
- Most firms rank cyber resilience as their top concern. Firms’ responses highlight cyber weaknesses in three areas: people, third party management, and protecting their key assets. Nearly 80 percent of respondents struggle to maintain a view of what information they hold and of their third parties. Firms also identified challenges in identifying and managing their high-risk staff and then educating those employees with access to critical systems or sensitive data, who are more likely to be targeted by cyber criminals.
- Failed IT changes caused 20 percent of the operational incidents reported to the FCA between October 2017 and September 2018.
- Third party issues, such as an IT failure at an important supplier, accounted for 15 percent of the operational incidents reported to the FCA (the second highest root cause). This demonstrates how increasingly important third parties are to firms and their customers, and the need to manage them effectively to prevent disruption.
Read the report (PDF).