Why knowledge is your best weapon against cyber attacks and data breaches in financial services firms

As custodians of sensitive personal and financial data, financial services firms have always been an obvious target for cyber-attackers, but the pandemic has brought fresh security challenges.  

One report found that as many as 62% of firms have experienced a cyber-attack in the past 12 months, and 40% say the number of cyber-security incidents went up when more people were working from home. In the finance, insurance and credit sector, the number of cyber-security incidents reported under GDPR jumped by 54% between January and June compared to the previous year.

The upheaval caused by the pandemic has played into the hands of cyber-attackers. Some firms were ill-equipped for employees working remotely in large numbers, and few could have foreseen the sheer volume of enquiries from customers concerned about their mortgages, loans and investments. With staff busy navigating the crisis and potentially distracted, it’s no surprise that reports of phishing attacks jumped exponentially in the first half of 2020 compared with the same period the previous year.

Cost of a breach

We know that a data breach is costly in terms of the resources needed to contain it and the significant impact it can have on market reputation, customer trust and investor confidence, not to mention regulatory fines.

One estimate puts the average cost of a breach in the financial services sector at £4.7 million, ranking it third, behind only energy (£5.1m) and healthcare (£5.7m). But the costs can be much higher, of course – another report found that a UK-based financial services firm suffered a £71m loss after a cyber-attack in 2019.

The question is, why wait for the inevitable?

Importance of robust policies and training plans

People are an organisation’s greatest asset, especially in relation to cyber resilience, so it’s essential that you put them at the forefront in the fight against the growing risk of cyber-attacks. Financial services firms must implement robust policies and provide effective training plans to improve security behaviours at home as much as in the workplace. Short, targeted yet immersive training ensures staff receive clear and easy-to-follow practical advice.

There are likely to be severe repercussions for firms that fail to uphold the FCA’s expectations for organisational resilience and protecting customers, and this includes cyber-security. As well as maintaining the correct IT systems and controls, the FCA underlines the need for ‘a secure culture’, reminding firms of the importance of investing in training. This includes:

“Understand[ing] and measur[ing] the level of awareness within the organisation and its effectiveness so that additional training and support can be provided where it is needed.”

It further highlights the power of training when it is tailored to ‘users’ roles, access and responsibilities’ with reference to case studies wherever possible.

Regardless of whether staff are working from home, eLearning systems help to ensure that everyone, including new starters, receives the correct training in cyber awareness designed to reduce the risk of falling victim to a wide range of cyber-attack and data breach threats. Good training can also be used to highlight skills and knowledge gaps among individuals and teams, in addition to monitoring, measuring and reporting who has completed their training.

Given the costs associated with a data breach, it’s clear that investment in quality and role-specific cyber awareness and resilience training could pay for itself many times over.

