Information on the numbers of cyber incidents reported to the FCA - August 2020

FOI Release Date of Release:

Reference Case Number: FOI7358

Freedom of Information: Right to know request:

  1. You have previously provided details of the numbers of cyber incidents reported to the FCA during the years 2015, 2016, 2017, 2018 and part of 2019 in response to requests FOI6469 and FOI6818. For the dates 2019 (Jan to Dec) and 2020 (Jan to the most recent data available), please set out the total number of incidents reported to the FCA and provide a breakdown of incidents by industry adopting the categories included in your response to request FOI6494, i.e., Retail Banking and Payments, Retail Lending, General Insurance, Pensions and Retirement Income, Retail Investments, Investment Management, Wholesale Financial Markets and by root cause, i.e., Hardware/Software, Change Management, 3rd Party Failure, Cyber Attack, Human Error, Process/Control Failure, Capacity Management, External Factors, Theft, Root Cause not Found). Please also provide a breakdown of the Cyber Attacks using the categories included in your response to request FOI6469, i.e., Phishing / Credential Compromise, Ransomware, 3rd Party Cyber Attack, Malware/Malicious code, DDOS, Root Cause of Attack Unknown and Root Cause Under Investigation.
  2. For the dates 2018 (Jan to Dec), 2019 (Jan to Dec) and 2020 (Jan to the most recent data available), please set out the number of reported incidents for which the FCA opened investigations. Please set out the cumulative total for each year as well as the number of investigations for the following categories: Hardware/Software, Change Management, 3rd Party Failure, Cyber Attack, Human Error, Process/Control Failure, Capacity Management, External Factors, Theft, Root Cause not Found, Phishing / Credential Compromise, Ransomware, 3rd Party Cyber Attack, Malware/Malicious code, DDOS, Root Cause of Attack Unknown and Root Cause Under Investigation, Retail Banking and Payments, Retail Lending, General Insurance, Pensions and Retirement Income, Retail Investments, Investment Management, Wholesale Financial Markets.
  3. Please set out the number of investigations into cyber incidents the FCA is currently conducting. 
  4. Please set out the number of investigations involving incidents occurring at outsourced service providers that the FCA is currently conducting.

Refer to supporting documents below

Supporting document

FOI7358 response