Surge in Financial Institutions Reporting Cyber Incidents

01 August 2019

The number of cyber incidents reported by financial services companies has skyrocketed, as regulators are told to encourage scenario testing.

Data from the UK’s Financial Conduct Authority (FCA) revealed that the number of reported cyber events jumped from 69 in 2017 to 819 in 2018, an increase of more than 1,000%. Retail banks accounted for almost 60% of reported incidents.

Third-party failures were the biggest cause of cyber incidents (21% of reports), followed by technical faults (19%), and change management (18%). Human error accounted for 6% of incidents.

There were also 93 cyber-attacks (11% of incidents) reported to the FCA in 2018. Of these, just over half were phishing attacks, 20% were ransomware attacks, 16% were from malicious code, and 11% were denial of service attacks.

The increase probably reflects increased reporting requirements for banks and other financial services firms.

Last year the FCA observed that firms were reporting incidents more robustly, although it believed that underreporting was still a problem.

UK financial services firms are required to report material cyber events to the FCA, including events that result in significant loss of data or affect the availability of services.

In addition, the EU’s General Data Protection Regulation (GDPR) requires businesses to identify and report data breaches to relevant regulators within 72 hours.

Cyber Scrutiny

Financial services regulators have gradually increased their focus on cyber risk in recent years, following a number of IT-related outages and cyber-attacks. In the latest Bank of England (BoE) Systemic Risk Survey, cyber risk was cited as the biggest threat to finance after political risks.

The Future of Finance Review – commissioned by the BoE and published in June – warned that the financial system is under almost constant cyber-attack and that cyber incidents are growing rapidly in number, scope, and sophistication. It recommended that regulators take steps to enhance protection against cyber risks.

In particular, it recommended that regulators increase the frequency of cyber penetration tests and establish an industry “safe harbour” for encrypted customer account data.

Following the Hamilton Series of cyber exercises conducted by the US government in 2017, the US finance industry established Sheltered Harbor, which enables the recovery of customer account information in the event of a cyber incident.

The report suggested that a UK version of Sheltered Harbor would be a “powerful tool” for firms and authorities alike.

Cyber Insurance

The Future of Finance Review also called for better access to cyber insurance, which it says can help firms build resilience and recover from incidents. According to the report, the “economic and commercial case for cyber-insurance is clear”, yet the “majority of losses remain uninsured”.


“Insurance can help businesses recover from the potentially devastating costs of a cyber incident to support and sustain activity and employment in the real economy. Insurance cover can also provide support from specialist insurance risk managers and create incentives to manage risk,” the report said.

In particular, the report recommended that regulators should encourage better information disclosure on cyber threats to help develop the data required for a more effective cyber insurance market.

Increased collation and availability of anonymised data on cyber incidents would be a “tangible step” in developing a deeper insurance market, it said.

Testing Resilience

Following a number of high-profile service outages and cyber-attacks, financial services regulators have turned their attention to the wider issue of cyber resilience.

Last year, the FCA reported a 187% increase in technology outages reported to it in the first nine months of the year. Many of these outages were linked to re-platforming and outsourcing failures, while 20% of reported incidents were explicitly linked to weaknesses in change management, it said.

In its recent Financial Stability Report, the Bank of England said it will look at how firms recover from a cyber incident. Its Financial Policy Committee confirmed that it would set “impact tolerances” to clarify how quickly firms must restore vital financial services following a severe, but plausible cyber incident.

It will also measure firms’ ability to meet impact tolerances under regular cyber stress tests – with a pilot stress test being conducted over the summer.

Sarah Stephens

As part of Marsh JLT Specialty's London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.

Prior, Sarah spent 12 years with Aon in a variety of roles. Her last role at Aon was Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions.

Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.
DISCLAIMER

Services provided in the United Kingdom by Marsh JLT Specialty, a trading name of Marsh Ltd and JLT Specialty Limited (together “MMC”). Marsh Ltd is authorised and regulated by the Financial Conduct Authority for General Insurance Distribution and Credit Broking (Firm Reference No. 307511). JLT Specialty Ltd is a Lloyd’s Broker, authorised and regulated by the Financial Conduct Authority for General Insurance Distribution and Credit Broking (Firm Reference No. 310428).

This is not legal advice and is intended only to highlight general issues relating to its subject matter. Whilst every effort has been made to ensure the accuracy of the content of this document, no MMC entity accepts any responsibility for any error, or omission or deficiency. The information contained within this document may not be reproduced. If you are interested in utilising the services of MMC you may be required by/under your local regulatory regime to utilise the services of a local insurance intermediary in your territory to export insurance and (re)insurance to us unless you have an exemption and should take advice in this regard.