The “vast majority” of these vulnerabilities were well known and had fixes available at the time of the attack, Ms Delfas said.
She said: “Some of these attacks used vulnerabilities for which a fix had been available for over a decade.
“Being rigorous about patch management is key. Tools to enable effective management of vulnerabilities are well established, and yet organisations either don’t use them, or don’t use them effectively.
“If we cannot get the basics right, then what chance is there that we can repel the sophisticated attacker?”
The regulator has established a number of Cyber Coordination Groups.
Ms Delfas said: “We are collecting, anonymising and aggregating actual risk data across around 175 firms in each area of the financial sector.
“This will provide us – and firms - with a much better picture about how cyber risk crystallises.
“Are we seeing unique threats in specific parts, such as retail banking, compared to other parts, such as insurance? Or are we seeing the same generic cyber threats threaten all firms?
“We will be seeking to carry this work out over the coming year and will look to share our findings.”
A government report at the start of April revealed just under half of all British businesses were victim to at least one cyber security breach last year.
The Department for Culture Media and Sport found 46 per cent of all businesses discovered at least one cyber security breach in 2016, with the average cost to firms ranging between £1,570 and £19,600.