UK Banks Under-Reporting Successful Cyber Attacks: Regulator
UK banks still aren’t telling regulators about all the cyber attacks on the financial services industry despite a ten-fold increase in reports to the Financial Conduct Authority over the last four years.
“Our suspicion is that there’s currently a material under-reporting of successful cyber attacks,” Megan Butler, the FCA’s director of supervision, said in a speech Tuesday, according to a copy of her remarks on the regulator’s website. “The number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry.”
The number of material attacks reported by firms to the FCA has grown to 49 this year from five in 2014, as hacks become one of the biggest threats to the safety of the financial services industry. The type of hacks is also increasingly concerning for regulators and firms with ransomware making up 17 percent of attacks reported to the regulator, according to Butler.
The FCA opened an investigation in October into the hack of credit reporting company Equifax Ltd. that saw personal data stolen from at least 143 million people. Outside of the FCA’s supervision, Uber Technologies Inc. paid hackers $100,000 to delete data taken from 2.7 million U.K. customers in a 2016 security breach.
Butler emphasized the need for incidents to be reported to the regulator as they’re happening. She told the ICI global capital markets conference in London that the FCA had recently spent time with a number of U.S. agencies looking at how they could better coordinate cyber supervision against the global threat.
One of the challenges facing firms and regulators is the growing use of cryptocurrencies such as bitcoin in cyber attacks.
Rob Wainwright, the director of Europol, said at a London conference last week that crytocurrencies were a “great enabler for ransomware” because they allow people to act anonymously. He also highlighted the problem of cyber crime and fraud divisions in banks working separately when common actors could be better pursued together.
The growing sophistication of technology is also a positive for banks though when it comes to crime. On Wednesday, Rob Gruppetta, the FCA’s head of financial crime, said firms are working on replacing humans with artificial intelligence to detect money laundering, according to a copy of his comments on the FCA’s website. Gruppetta discussed how comfortable regulators would be if firms replaced human monitoring wholesale with technology.
“We are chiefly concerned about whether these systems are effective and spot the needles in the haystack,” Gruppetta said at an FCA fintech event. “Any bank hoping for a black box in the corner that will sniff out the launderers will be disappointed, but the technology has the capability to better achieve what we all want: keeping finance clean.”