The UK’s financial services regulator saw the number of data breaches reported to it grow by 480% from 2017 to 2018, according to a new report.
The Financial Conduct Authority (FCA) figures reveal a rise of reported breaches from just 25 in 2017 to 145 last year.
Investment banks are said to have reported the largest number of incidents in 2018, at 34, while retail banks saw the largest percentage increase over the period (2400%), as their reported breaches grew from one to 25.
The figures were revealed in a Freedom of Information (FOI) request from law firm RPC, according to the FT.
The firm believes the GDPR has had a major impact on transparency in the industry. The highest number of reports (20) apparently came in June 2018, the first month after the new data protection legislation was introduced.
The FCA has long been aware of under-reporting of cybersecurity incidents in the industry. Director of supervision, Megan Butler, claimed as much at the end of 2017 when the regulator said it had seen the number of reported “material attacks” increase from five in 2014 to just 49 in that year.
It subsequently introduced new rules as part of the Second Payment Services Directive (PSD2) requiring banks to reveal to customers how many times they’d been hit by a major operational or security incident.
However, it’s not clear how much detail lenders will be forced to go into on each.
It’s not just UK banks that are reporting more breaches: the number has tripled globally over the past five years, according to a February 2018 report from Accenture.
The consultancy claimed that the average number of cybersecurity breaches per firm in the sector grew from 40 in 2012 to 125 in 2017, while the average cost of cybercrime increased by more than 40% over three years, from $13m per firm in 2014 to $18m in 2017. By contrast, the average cost per firm for other sectors was just under $12m.