The number of cybersecurity breaches at UK financial services firms has tripled in the last two years, with the highest number of breaches being reported within the pensions sector.
A report from the law firm RPC shows that the number of breaches reported to the Information Commissioner's Office rose from 187 in the period 2021 to 2022 to 640 in the period 2022 to 2023. There was a particularly significant jump in the number of breaches reported by pensions firms, with the numbers rising from six to 246 over this period.
RPC partner and head of cyber and tech insurance Richard Breavington says: “It’s a cause for concern that so many financial services firms, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach.”
While hackers target pension schemes because of the large amounts of “valuable, sensitive, and financial data” they hold, Breavington says “cyber security is fundamental to pension scheme trustees’ legal duties”. He points out that this is because trustees can be liable for failing to manage cyber risk appropriately.
Absolute Software area vice president (for the EMEA region) Archi Lewis adds: “For many sectors now, it is no longer a question of ‘if’, but ‘when’ an attack will occur. The financial sector is a crucial element within our global economy, handling vast amounts of sensitive data and financial transactions daily, making it a prime target for bad actors.
“As such, cyber resiliency has never been more pressing. This means not only having robust preventive measures in place, but also a proactive response mechanism that can swiftly adapt and recover in the face of an attack.”
He says that there is some evidence that the financial services sector is lagging behind other sectors when addressing this issue. According to Absolute’s Resilience Index 2023, the financial services sector’s Windows 10 patch age was a total of 118 days, higher than that of the professional services sector.