FCA figures show increased cyber risk to financial services 

18th May 2021

Figures obtained by RSM under a Freedom of Information request demonstrate a 28 per cent rise in cyber-attacks reported to the FCA by financial services companies last year.

The top cause of incidents was phishing emails, reported by 37 per cent of affected firms, followed by attacks via third-party companies (21 per cent) and DDoS (Distributed Denial of Service) attacks (15 per cent). The recent attack on the US Colonial Pipeline demonstrates how much damage a cyberattack can cause, disrupting essential services and infrastructure as well as costing companies millions. McAfee recently estimated that cybercrime costs the global economy around $1 trillion a year, or 1 per cent of global GDP.

Sheila Pancholi, Technology Risk Assurance and cybersecurity partner at RSM, said: “Cybercrime rose significantly last year, partly due to the pandemic, and middle-market businesses are viewed as an easy target. With many companies enabling staff to work from home with very little time to implement secure systems, and staff being distracted, fraudsters have seized their chance to exploit weak points. With home and hybrid working models now becoming commonplace, we continue to advise financial services companies to assess their cybersecurity measures and provide safeguards against the ever-changing cyber threat landscape, in addition to ensuring all staff receive adequate and regular training on how to spot the most common types of attack.”

Middle-market businesses can be vulnerable to attacks, as they often have only one person responsible for IT security as part of a wider remit. The UK currently has a major shortage of people who are equipped to tackle cybercrime. As a result, experts are highly sought after and can command high salaries that are often beyond the reach of small or mid-sized organisations.

RSM’s recent report, ‘Cyber Security – Breaking the Kill Chain’, highlighted the importance of creating a security-conscious culture throughout the business, rather than relying on a single individual.

Pancholi continued: “With continuing advances in AI, automation and digitisation comes greater risk of systems being compromised. Progress in technology is benefitting cybercriminals too, dramatically increasing the number of attacks they can execute, and enabling them to coordinate activities with other criminals across global networks. Businesses need to protect themselves and good leadership is key, equipping teams with the tools and training to foil an attack and creating a culture where everyone is vigilant and mindful of the risks.”

RSM’s report also highlighted the lack of cybersecurity insurance as a concern. Of the firms surveyed that do not have a cyber insurance policy in place, 59 per cent do not believe a cyber insurance policy is relevant to them, and a further 22 per cent said they don’t know what they need to cover. Only 10 per cent said they are going to take out a policy within the next year.