The delegates at a recent Financial Crime Conference received some stark warnings from the head of technology at the Financial Conduct Authority (FCA) regarding just how severe the threat of a cyberattack could be.

Addressing the Personal Investment Management and Financial Advice Association (PIMFA), Robin Jones, Head of Technology – Resilience and Cyber Specialist Supervision – at the FCA, cited the following statistics:

  • There have been more than 600 ‘significant’ cyberattacks in the UK in the last three years
  • Over the last three months, cyberattacks have been occurring at a rate of 10 per week
  • The NotPetya attack of June 2017 took just 19 minutes to infect 10,000 systems across the world
  • A major global corporation, FedEx, said it incurred a $300 million loss simply due to the effects of NotPetya, with one of its major subsidiaries, TNT Express, having to cease doing business for a period of time

Mr Jones then called on authorised firms to take the following steps:

  • To understand what their critical assets are, and what back-up arrangements are in place for these
  • To ensure staff are trained as to their cybersecurity responsibilities
  • To understand which third parties have access to the firm’s systems
  • To put in place comprehensive plans for how the firm might deal with a cyberattack were one to occur, so that the plan can be activated should the worst happen

The PIMFA conference also heard from Paul Hoare, Senior Manager, Protect and Prevent at the National Crime Agency, who revealed that:

  • One-eighth of the UK’s GDP comes from internet-based activity
  • 47% of reported crime now has some form of cyber element
  • 68% of large firms (across all business sectors) had reported some form of cyberattack or attempted cyberattack
  • 92% of cybercrimes involve an element of phishing

Mr Hoare concluded by saying that, in a worst-case scenario, firms could be forced out of business if they fell victim to a severe cyberattack.

Terry Wilson, from the Global Cyber Alliance, told delegates that it was merely a matter of time before the UK was hit by a major cyberattack, and made reference to firms in all business sectors being “woefully unprepared”.

Even the smallest financial services firms must take the subject of cybersecurity seriously. Any firm unsure as to what they need to do regarding cybersecurity is advised to seek professional advice.

However, Mr Hoare’s comments indicate that a good starting point for authorised firms is to train their staff on what the main cyber threats are, and how suspicious activity might be identified at an early stage. Given that he revealed 92% of cybercrimes are facilitated via phishing, staff need to know that they should never disclose personal details or passwords to anyone. Phishing is a type of fraud where the criminal tries to get the other party to disclose information such as login details (usernames and passwords), account numbers and credit card numbers. An honest third party will never phone or email to ask for information of this kind. Any email attachment that looks in any way suspicious should not be opened without the approval of the firm’s IT department or external IT consultant.
