Banks in the United Kingdom still aren’t telling regulators about all the cyber attacks on the financial services industry despite a ten-fold increase in reports to the Financial Conduct Authority over the last four years, Bloomberg reported yesterday.
“Our suspicion is that there’s currently a material under-reporting of successful cyber attacks,” Megan Butler, the FCA’s director of supervision, said in a speech yesterday, according to a copy of her remarks on the regulator’s website.
“The number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry.”
The number of material attacks reported by firms to the FCA has grown to 49 this year from five in 2014, as hacks become one of the biggest threats to the safety of the financial services industry.
The type of hacks is also increasingly concerning for regulators and firms with ransomware making up 17 percent of attacks reported to the regulator, according to Butler.
The FCA opened an investigation in October into the hack of credit reporting company Equifax Ltd. that saw personal data stolen from at least 143 million people. Outside of the FCA’s supervision, Uber Technologies Inc. paid hackers $100,000 to delete data taken from 2.7 million U.K. customers in a 2016 security breach.
Butler emphasized the need for incidents to be reported to the regulator as they’re happening.
She told the ICI global capital markets conference in London that the FCA had recently spent time with a number of U.S. agencies looking at how they could better coordinate cyber supervision against the global threat.
One of the challenges facing firms and regulators is the growing use of cryptocurrencies such as bitcoin in cyber attacks.