Cyber-attack on Tesco Bank runs against the trend for hackers to focus on non-bank financial services businesses

Reported data breaches at UK banks halve in a year...
...but fraud is just shifting to other parts of the market

The recent cyber-attack on Tesco Bank runs against the trend for hackers to focus on non-bank financial services businesses with lower levels of cyber security, warns RPC, the City-headquartered law firm.

Data breaches reported by UK banks to the Information Commissioner’s Office halved last year, falling from 23 in 2014/15 to 11 in 2015/16.

In contrast reported breaches at insurers increased to 7 last year, up from 4 the year before, and IFAs reported 9 data breaches both last year and this year.

The threat posed by hackers was underlined by Tesco Bank’s recent announcement that the current accounts of 40,000 of its customers were hacked and half of those customers defrauded.

RPC says that the biggest banks have invested heavily in enhancing their cyber-defences in recent years, building extremely robust firewalls and controls. However, the Tesco Bank hack shows that hackers are continuing to look for vulnerabilities in banks’ IT security, and in some cases succeeding.

RPC says that the fact that even businesses with extremely strong cyber defences are falling victim to cyber-fraud should be very worrying for their smaller peers.

Additionally, the targeting of smaller financial services firms with comparatively weaker cyber protection is becoming more common.

Phil Tansley, Legal Director at RPC, says: “The apparently successful cyber-attack on Tesco Bank is an extremely worrying development and a sign of the scale and sophistication some hackers can achieve.”

“What happened to Tesco Bank clearly demonstrates that UK financial services businesses remain a key target for cyber-crime and that banks’ cyber-defences are not infallible.”

“However, the overall trend is for hackers to seek to exploit the path of least resistance – as banks have developed better cyber defences attackers have shifted their focus onto smaller, softer targets.”

“The almost unlimited resources deployed by the biggest banks had been seen as displacing cyber-crime elsewhere.”

“Keeping up with the new tactics and means of attack employed by hackers is time consuming and expensive - these costs are more easily borne by banks with large IT and tech support already in place.”

“Smaller financial services businesses can also be hurt disproportionately when they fall victim to a cyber-attack. It is not just that losing client money or data can cause significant reputational damage but that repairing and cleansing IT systems is very costly.”