LONDON (Reuters) – Financial firms are overly confident about their ability to manage large IT projects and many have yet to get the basics right on cyber defences, a senior regulator said on Tuesday.
Outages at banks like TSB have left thousands of customers without banking services and British lawmakers have opened an investigation into such incidents.
“On the basis of the data that the FCA is currently collecting, we see no immediate end in sight to the escalation in tech and cyber incidents that are effecting UK financial services,” Megan Butler, the FCA’s executive director of supervision, told a Bloomberg event.
The watchdog surveyed nearly 300 regulated firms between 2017 and 2018. In the year to October, the firms reported a 138 percent rise in technology outages, and an 18 percent increase in cyber incidents.
Under-reporting of incidents is probably still a problem, with many incidents linked to an “over-confidence bias” at banks about managing major IT changes, Butler said.
“All the trends that we’re seeing at the moment suggest an increasing threat to UK customers, and financial markets, from technology outages and cyber attacks,” Butler said.
Regarding cyber attacks, the FCA is seeing “serious vulnerabilities” in areas such as identification of key assets, information and detection, she said.
Many firms were still trying to get the basics right on cyber, with a third not performing regular cyber assessments.
Boards of financial firms need to have enough skill and understanding of technology issues, she said.
(Reporting by Huw Jones; Editing by Matthew Mpoke Bigg)