Security researchers stated that phishing and ransomware attacks are the most reported types of cyber-attacks on financial services firms. According to the audit and consulting firm RSM International in the United Kingdom, around 819 cyber incidents were reported by financial services firms to the Financial Conduct Authority (FCA) last year.
RSM said that retail banks were the most frequently affected by cyber-attacks (486 security incidents), followed by wholesale financial markets (115 attacks) and retail investment firms (53 incidents). In 2018, financial firms reported around 93 cyber-attacks, of which half (48 attacks) were phishing attacks, while 20 percent (19 attacks) were ransomware attacks.
RSM said the sudden increase in companies reporting security incidents was due to the introduction of the European Union’s General Data Protection Regulation (GDPR), which took effect last May.
“Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls,” said RSM technology risk assurance partner Steve Snaith. “More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place.”
A recent study revealed that the introduction of the GDPR has resulted in a significant decrease in data leaks and thefts. The study, the Data Privacy Benchmark Study from networking company Cisco Systems, stated that nearly three-quarters of GDPR-ready companies suffered fewer data breaches in the last year than organizations that were not GDPR compliant.
The survey report, which is based on data from more than 3,200 security professionals in 18 countries and across all major industries worldwide, also found that approximately 60 percent of companies have met most of the GDPR requirements, with nearly 30 percent more expected to do so within a year.
By country, the research stated that the level of GDPR-readiness increased from 42 percent to 76 percent, with the European countries (Spain, Italy, UK, France, and Germany) on the higher end of the range. Data security, internal training, evolving regulations, and Privacy by Design requirements were the major challenges organizations faced while getting ready for GDPR, the research stated.