Financial Firm Reports Puzzling 30% Drop in Breaches as Incidents Rise

Data breach incidents reported to the UK’s financial regulator dropped by nearly a third from 2019 to 2020, although experts claim this is far from an accurate picture of the current threat landscape.

Governance and risk firm Kroll requested Freedom of Information (FoI) data from the Financial Conduct Authority (FCA) to better understand the level of cyber-breach activity in the sector.

However, the data received, a 30% year-on-year drop in reported breaches to just 76 in 2020, was at odds with its own figures. These showed a 56% average increase in incidents over the same time period across all sectors — with the financial services sector slightly higher still.

Given the pandemic has provided even more opportunities for threat actors to target organizations distracted by remote working, the figures are doubly puzzling.

Kroll argued that the disparity could be explained by more organizations pulling back, after an initial period of over-reporting following the introduction of the GDPR.

In many cases, legal counsel is advising firms not to notify if they think reporting thresholds around whether data subjects were “harmed” are not met, it said.

“The GDPR is still a relatively new and complex piece of legislation and we certainly saw businesses being hyper-vigilant when it came to reporting to the ICO and the FCA in its initial stages of implementation,” explained Keily Blair, head of Orrick, Herrington & Sutcliffe’s UK Cyber, Privacy and Data Innovation team.

“The drop in the FCA number ..
