Data protection  

Is the cybersecurity threat real?

This article is part of
Guide to GDPR implementation

Most of us have heard the news and seen the headlines about yet another cybersecurity or data hacking incident. 

Some of us may even have been affected directly, either working in a company that has been a target, or having had our own data hacked and made public.

Companies including Equifax and Uber have been the high-profile victims of data breaches, while even public sector organisations, such as the NHS, have fallen victim to hacking.

But is the cybersecurity threat real?

Surely, these companies simply were not prepared enough for such incidents and had not invested in the right systems. 

But perhaps what this shows is that if it can happen to large companies and corporates, then the chances are it can affect a business of any size, including small financial planning firms.

Data loss

“The threat is real, and an attack should be considered to be inevitable at some point; only the extent, the seriousness of the disruption, and the reputational risk are variables,” warns Mark Ehlinger, head of regulatory and professionalism services at Focus Solutions.

Figures from the Financial Conduct Authority (FCA) show reported data hacking attacks against financial services companies quadrupled in the past year, according to RSM.

RSM obtained the figures from a Freedom of Information request and reported them in February 2018.

The figures reveal that incidents of loss of data resulting from hacking rose from four in 2016 to 17 in 2017, and there were also two separate incidents of ‘data leakage’ reported to the regulator.

The retail banking sector suffered the highest number of reported attacks at 17 last year, followed by retail lenders at 16 and investment management firms, also at 16. There were a further 11 incidents reported to the FCA by insurance firms.

Source: FCA/RSM

Steve Snaith, technology risk assurance partner at RSM, says: “We have previously raised concerns that there is likely to be significant under-reporting of cyber attacks by regulated financial services firms. Nevertheless, these new numbers do reveal some important trends.

“The jump in incidents of data loss resulting from hacking attacks should be particularly concerning to the financial services sector, given we are just months away from the new GDPR regime coming into force.”

Where any data is held, a cybersecurity threat is real, Steve Casey, marketing director at Square Health, notes, and that includes financial adviser firms.

“A financial planning firm could hold all types of data, including possibly medical data in the form of a copy of an application form, so an obvious example would be to steal this data and then publish this on the web,” he explains.

If adviser and financial planner firms are not concerned about the threat, then they should be, and GDPR is the perfect opportunity to demonstrate they are doing something about it.

Jon Szehofner observes that risk managers are worried about cybersecurity, and for good reason.