Cybersecurity breaches at financial services firms more than treble

Published on 25 September 2023

Cybersecurity breaches reported by financial service providers rose from 187 in 2021/22 to 640 in 2022/23
UK pension schemes report the biggest increase, 4,000%, in data breach reports to the ICO

UK financial services firms reported 640 cybersecurity breaches to the Information Commissioner's Office (ICO) in the year to June 30 2023, a threefold increase on the 187 cybersecurity breaches in the previous period 1, according to research by international law firm RPC.

The pensions sector reported the biggest rise in cybersecurity breaches to the ICO, increasing from six in 2021/22 to 246 in 2022/23. 

Hackers target pension schemes as they hold a huge amount of valuable, sensitive, financial data and it's important that schemes can pay pensioners without disruption, making them potentially vulnerable to ransom demands. 

Richard Breavington, Partner and Head of Cyber and Tech Insurance at RPC, said the data highlights how financial services are increasingly experiencing targeted cyber attacks. For pension schemes particularly, trustees can be liable for failure to manage cyber risk appropriately. As per the Pensions Regulator’s cybersecurity guidance, trustees remain accountable for the security of scheme information and assets even when day-to-day functions are outsourced. "Cybersecurity is fundamental to pension scheme trustees' legal duties," explains Richard.

“It’s a cause for concern that so many financial services firms, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach. 

“The assumption might sometimes be that major financial services businesses have robust cyber defenses so that they are impervious – that certainly hasn’t stopped hackers continuing to try.”

Any business looking to protect itself from the impact of a cyber-attack should invest in understanding its cyber footprint and the risks it poses and have the right policies/procedures in place. On top of this, organisations should consider cyber insurance to provide coverage for losses resulting from a cyber incident, as well as access to legal, technical forensic and PR support.

Cybersecurity breaches against financial services companies increase more than threefold in 2022/23

1 Data from ICO on cyber attacks that resulted in data breaches