consumer duty

Ransomware incidents reported to UK financial regulator doubled in 2023

The was a significant increase in ransomware incidents in the first half of 2023, according to a Picus Security FOI analysis of cyber incidents reported to the Financial Conduct Authority (FCA).

Picus submitted a Freedom of Information (FoI) request to the UK Financial Conduct Authority (FCA) to understand the degree to which cybercrime has impacted the finance sector in the first six months of 2023.

The data obtained reveals a resurgence in ransomware-related incidents following a quieter 12 months in 2022. 

According to the findings, the FCA received 51 cyber incident reports in H1 2023, up 10% compared to H1 in 2022.

In addition, twice as many ransomware incidents were reported in H1 2023 (19) compared to the same period in 2022.

Nearly a third of all cyber incidents reported in H1 2023 were categorized as ransomware (31%). This percentage is up from 11% in H1 2022.

What’s more, far more cyber incidents are reported to the FCA in March than in any other month.

Since 2021, 12.8 reports, on average, have been submitted in March. December is the quietest month for FCA cyber incident reports (2.5).

Dr. Suleyman Ozarslan, CO-FOUNder and VP of PicusLabs said: “Ransomware remains a scourge for every sector and every security team. Our data reflects a common pattern seen in recent years.

“Ransomware gangs burst onto the scene, scale up their campaigns, and put a target on their backs.

“After the coordinated crackdowns and arrests from global government agencies, ransomware activity can start to die down until the next group looks to fill the void left by their predecessor.”

Dr. Ozarslan added: “The first six months of 2023 was a hectic period for financial services security teams.

“This sector has always been one of the biggest targets for both politically and financially motivated cybercriminals. Cl0p Ransomware, for example, is known to target major banks.

“Two major Microsoft vulnerabilities may have also contributed to more incidents than usual this year, as was the case in 2021 when the Hafnium hacking group was actively exploiting another Microsoft Exchange Server bug.

“The increasing complexity of malware deployed by adversaries may also be a factor.

“The Picus Red Report 2023 found that modern malware is now capable of performing far more actions across the cyber-kill chain, to more effectively evade defences.

“More than one-third of malware samples exhibit more than 20 individual tactics, techniques and procedures.

“The numbers for the first half of 2023 are also far higher than the second half of 2022 when cyber incident reports almost ground to a halt by the end of the year. It is interesting to see such consistently low numbers in December.

“A slight decline in cyber incident reports would reflect the fact that many people are away from the office, but there is such a sizable gap between December and January figures. We know that breaches happen all year round, so the numbers should fall off a cliff in this manner.

“I don’t know which is worse, if security teams don’t discover incidents in December, or if they choose not to report them until after the holidays.”