The Financial Conduct Authority (FCA) was made aware of just two data breaches by financial advisers and pension providers between March 2013 and May 2017.
Data breaches reported to the FCA were very few compared to the number of data breaches investigated by the ICO in the same period.
Back in July, the Information Commissioner’s Office revealed a 25 percent rise in incidents of data theft suffered by financial services in the UK. In fact, financial services reported a total of 140 data breaches between April 2016 and March 2017, compared to just 73 between April 2013 and March 2014.
Even though the total number of data breaches reported by banks went down by 45 percent between 2015-16 and 2016-17, insurance companies had to bear the brunt of data thefts with the number of breaches suffered by the sector doubling in the same period.
However, the Financial Conduct Authority, a conduct regulator for 56,000 financial services firms and financial markets in the UK, has a different story to tell. FCA records obtained under a Freedom of Information request has revealed that the authority was made aware of only two instances of data breach by financial advisers and pension providers between March 2013 and May 2017.
In the same period, the FCA was made aware of nine breaches suffered by insurance firms and 15 breaches suffered by lenders in the same period. As such, the amount of information that the FCA holds with respect to data breach incidents pales in comparison to the information available with the ICO.
Even though the FCA is a regulatory authority, it is not a government body and survives on membership fees paid by financial firms who it is meant to supervise. Until recently, FCA was under fire from the government for being lax in investigating financial crimes like market-rigging and insider trading.
Following the rebuke, the FCA swung into action and conducted a record 213 investigations last year and 126 investigations so far this year. However, it is now being said that if the FCA casts too wide a net and turns too draconian, it might impact London’s status as a global financial centre considering a number of businesses are already feeling the jitters after the Brexit verdict. An FCA investigation may harm a financial firm’s reputation and credibility, sometimes for good.
It remains to be seen what steps the FCA will take in the near future to ensure cyber security of financial firms and to ensure that such firms report cyber attacks and data breaches to the authority as well as to their customers.