UK financial services firms reported a more than threefold increase in the number of cyber security breaches to the Information Commissioner's Office (ICO) in 2023 compared to the previous year.
During the year to June 2023, 640 cyber security breaches were reported to the ICO, up from 187 in the year to June 2022, research from international law firm RPC revealed.
The pensions sector saw the biggest rise in cyber security breaches, from six in 2021/22 to 246 in 2022/23.
RPC said that hackers like to target pension schemes “as they hold a huge amount of valuable, sensitive and financial data”.
The Pensions Regulator’s cyber security guidance states trustees remain accountable for the security of scheme information and assets even when day-to-day functions are outsourced.
RPC partner and head of cyber and tech insurance Richard Breavington said: “Cybersecurity is fundamental to pension scheme trustees’ legal duties.
“It’s a cause for concern that so many financial services firms, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach.
“The assumption might sometimes be that major financial services businesses have robust cyber defences so that they are impervious – that certainly hasn’t stopped hackers continuing to try.”
RPC added that any business looking to protect itself from a cyber attack “should invest in understanding its cyber footprint and the risks it poses and have the right policies/procedures in place”.
Additionally, businesses should consider cyber insurance to provide coverage for losses resulting from a cyber incident, as well as access to legal, technical forensic and PR support.