RSM highlights skills gap as FCA figures show increased cyber risk
Figures obtained by RSM under a Freedom of Information request demonstrate a 28% rise in cyber-attacks reported to the FCA by financial services companies last year.
The top cause of incidents was phishing emails, reported by 37% of affected firms, followed by attacks via third party companies (21%) and DDoS (Distributed Denial of Service) attacks (15%). The recent attack on the US Colonial pipeline demonstrates how much damage a cyberattack can cause, disrupting essential services and infrastructure as well as costing companies millions. Recently McAfee estimated the cost of cybercrime to the global economy is around $1 trillion a year, or 1% of global GDP.
Sheila Pancholi, technology risk assurance and cyber security partner at RSM said: ‘Cybercrime rose significantly last year, partly due to the pandemic, and middle market businesses are viewed as an easy target. With many companies enabling staff to work from home with very little time to implement secure systems, and staff being distracted, fraudsters have seized their chance to exploit weak points. With home and hybrid working models now becoming commonplace, we continue to advise financial services companies to assess their cyber security measures and provide safeguards against the ever changing cyber threat landscape, in addition to ensuring all staff receive adequate and regular training on how to spot the most common types of attack.’
Middle market businesses can be vulnerable to attacks, as they often have only one person responsible for IT security as part of a wider remit. The UK currently has a major shortage of people who are equipped to tackle cybercrime. As a result, experts are highly sought after, and can command high salaries that are often beyond the reach of small or mid-sized organisations.
RSM’s recent report, ‘Cyber Security – Breaking the Kill Chain’ highlighted the importance of creating a security conscious culture throughout the business, rather than relying on a single individual.
Sheila Pancholi explains: ‘With continuing advances in AI, automation and digitisation comes greater risk of systems being compromised. Progress in technology is benefitting cyber criminals too, dramatically increasing the number of attacks they can execute, and enabling them to coordinate activities with other criminals across global networks. Businesses need to protect themselves and good leadership is key, equipping teams with the tools and training to foil an attack and creating a culture where everyone is vigilant and mindful of the risks.’
RSM’s report also highlighted lack of cyber security insurance as a concern. When surveying the firms that do not have a cyber insurance policy in place, 59% of those do not believe a cyber insurance policy is relevant to them, and a further 22% said they don’t know what they need to cover. Only 10% said they are going to take out a policy within the next year.
Sheila Pancholi concluded: ‘Your people are your best defence against cyber attackers, as many attacks manipulate the psychology of the workforce. Empowering people to recognise and respond to attacks should be the foundation of any security strategy.’
RSM’s cyber security survey was the second in The Real Economy series of topical quarterly surveys focusing on the middle market as a powerhouse of the UK economy. It is also the first authoritative source of economic data for this crucial area of UK market, sharing insight and perspective for the wider economy.