Data breaches reported to the Financial Conduct Authority (FCA) more than tripled in 2017 to 24 cases, up from seven reported the previous calendar year.
The increase corresponds with a rise in the number of reported cyberattacks, which grew from 39 in 2016 to 49 in 2017.
Despite the rise in the figures, and pressure from the regulator on companies, there is still a danger that businesses are under-reporting breaches, however.
In a December 2017 speech Megan Butler director of supervision – investment, wholesale and specialists at the FCA, warned: ‘Our suspicion is that there’s currently a material under-reporting of successful cyberattacks in the financial sector.
‘Certainly the number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry.’
There were 10 reported data breaches from the investment management sector in 2017, compared to only three reported the year before.
Commenting on this latest data, obtained through a Freedom of Information request, a spokesperson for the FCA said: ‘We are confident these firms recognise the importance of reporting breaches to the FCA when they happen.
‘We continue to work with firms and awareness of reporting of cyber incidents has increased over the last 18 months.
‘We are confident firms understand the obligations to report breaches to the relevant authorities, including the Information Commissioner’s Office in the case of personal data related breaches.’
Data breaches have come into focus over the last year as a number of attacks targeted companies and government agencies.
Last year, a major data breach at Equifax, one of the world’s largest credit rating agencies, meant that as many 700,000 UK customers had their data harvested by hackers.
It was reported at the time that Equifax’s management knew of the vulnerability that the hackers exploited and failed to report it.
As a result, the FCA took the unusual measure of announcing that it was launching an investigation into ‘the circumstances surrounding a cybersecurity incident’.