A Freedom of Information (FOI) request has revealed that the Financial Conduct Authority (FCA) has tripled its cyber security budget for 2017-2018.
In the financial year 2016-17, the regulator spent £3.8 million on digital defence. In response to the increasing threat posed by online subterfuge, the FCA has upped its budget to £9.8 million for 2017-2018.
Since 2013, the FCA’s annual expenditure on its own cyber-security has gone up sevenfold, from £1.4 million in 2013-14.
At the same time, the FCA’s annual spend relating to the work it undertakes to help regulated firms become more resilient to cyber-attacks has also gone up - notably in the last year, with the regulator increasing spending by almost 50%.
These efforts by the FCA seem to be proving effective. In 2015 it detected 50,823,890 suspicious events. However, by 2016 that number had fallen to 21,137,147.
The FOI also revealed that the regulator has 29 full-time equivalent staff dedicated internally to cyber and information security.
With regard to combatting cyber-attacks, the FCA said: ‘We conduct a rolling programme of security assurance and penetration tests each year to test the FCA’s defences against cyber-attacks.
‘These tests are administered by a dedicated assurance team within our Cyber and Information Resilience department, which is headed up by our chief information security officer (CISO). The CISO reports directly to our chief operating officer, and is independent from the FCA’s day-to-day IT functions.’
All of the regulator’s supervisors also carry out both proactive and reactive supervision of regulated firms.
‘They are supported by a range of specialist teams who provide expertise and technical input. The Technology, Resilience & Cyber department in Specialist Supervision provides this support to supervisors concerning technology, resilience and cyber issues during their work with firms.’
The FCA said the department works closely with other UK regulators and agencies, including the National Cyber Security Centre and the Bank of England.
‘There are 23 full-time equivalent staff in this department and 6 full-time equivalent focus specifically on supporting frontline supervisors in both proactive and reactive supervision of regulated firms’ cyber resilience.
‘This Cyber Specialist team was created in October 2016 although prior to its establishment specialists provided support to frontline supervisors since the FCA was created in 2013.’