Information on cyber incidents Involving asset management firms 2019 - April 2022

1. The number of monthly cyber incidents involving asset management firms, dating from January 2019 to the latest date available.
2. The percentage of these cyber incidents that involved ransomware.
3. The percentage of these cyber incidents that involved breach/compromise of confidential information or personal data.

Firstly, it may be helpful to note that we hold centralised records on major operational incidents reported to the FCA by individual firms under SUP 15.3 and Principle 11. This includes incidents that are a result of cyber-attacks. However, please note that these figures do not include cyber incidents at FCA regulated firms that have not been reported directly to the FCA.

Please note that all data is accurate as of the 8 April 2022 and is subject to change due to ongoing investigations of incidents. We will now respond to each question in turn below.

For question 1, please see below for the monthly cyber incidents involving asset management firms, dating from January 2019 to February 2022 (which is latest date available).

FOI9169 

For question 2, of all the incidents recorded in question 1, 2 incidents were recorded as ransomware January 2020 and July 2020, respectively. This equates to 6% of the total number of cyber incidents reported in the Asset Management portfolio from January 2019 to February 2022.

For question 3, of all the incidents recorded in question 1, 11 incidents were recorded as involving breach/compromise of confidential information or personal data. This equates to 33% of the total number of cyber incidents reported in the Asset Management portfolio from January 2019 to February 2022.