FR-circle SUBSCRIBE
FR-circle SUBSCRIBE

FCA sees 'no end in sight' to escalating IT failures

The FCA says it sees "no immediate end in sight to the escalation in tech and cyber incidents" that are effecting UK financial services.

Related topics:  Regulation
Rozi Jones
27th November 2018
Identity fraud card tech
"A lot of the time, it isn’t technology at fault when things go wrong. It’s classic systems and control failures."

The stark warning to firms came from the FCA's executive director of supervision, Megan Butler, who raised concerns over 'significantly' more outages and cyber attacks over the last year.

Over the past year, firms reported a 138% increase in technology outages alongside an 18% increase in cyber incidents.

During a speech in London, Butler said the FCA does not expect ‘zero-failure’, but is "deeply concerned that the number of technology incidents reported to us has increased".

She said a large problem is firms being "overly confident about their ability to manage flagship IT change programmes".

Both large and smaller businesses described it as a strength in a recent FCA survey, yet 20% of incidents reported to the FCA are "explicitly linked to weaknesses in change management".

Butler said this makes it the most frequent cause of outages and implies a "mismatch between corporate expectations and reality", adding that an 'overconfidence bias' is particularly characteristic in financial services.

Despite being confident in their abilities, a third of firms in the survey do not perform regular cyber assessments nearly half admitted they do not upgrade or retire old IT systems in time. Just 56% said they can measure the effectiveness of their information asset controls.

Additionally, only the largest firms have automated their detection systems to spot potential cyber attacks. Smaller firms, Butler said, are generally relying on "old school, manual processes – or no processes at all".

She explained: "A lot of the time, it isn’t technology at fault when things go wrong. It’s classic systems and control failures.

"Take Tesco Bank’s cyber attack as an example: It had specific warning of the threat and failed to put in place an effective defence, which left its customers in a vulnerable position for a significant period of time."

Concluding, Butler said that the "current threat level is remarkable", highlighting that cyberattacks are now sandwiched between ‘failure of climate-change mitigation’ and ‘large-scale, involuntary migration’ on the World Economic Forum’s 2018 risk landscape.

She stressed that "irrespective of firm size or sector, cyber is not just a technology risk; it is a human risk".

More like this
Latest from Property Reporter
Latest from Protection Reporter
www.barcadiamedia.co.uk
Advice for Readers

While this website is checked for accuracy, Barcadia Media Limited are not liable for any incorrect information included. We recommend that you make enquiries based on your own circumstances.

Useful Links
Financial Reporter and financialreporter.co.uk are trading styles of Barcadia Media Limited. Barcadia Media Limited is registered in England & Wales No. 6970806 Registered address.
Barcadia Media Ltd, 14 Edward Street, Blackpool, Lancashire , FY1 1BA. Data Protection Notification No: Z162 1548.
CLOSE
Subscribe
to our newsletter

Join a community of over 30,000 intermediaries and keep up-to-date with industry news and upcoming events via our newsletter.