Ransomware Incidents Reported to UK’s FCA Doubled in 2023 – Research Report

Ransomware incidents reported to UK financial regulators doubled in 2023, according to an extensive update shared with CI.

A Picus Security FOI analysis of cyber incidents reported “to the Financial Conduct Authority reveals an increase in ransomware incidents in the first half of 2023.”

Picus submitted a Freedom of Information (FOI) request “to the UK Financial Conduct Authority (FCA) to understand the degree to which cybercrime has impacted the finance sector in the first six months of 2023.”

The data we obtained reveals “a resurgence in ransomware-related incidents following a quieter 12 months in 2022.”

Key findings of our FOI analysis include:

  • The FCA received 51 cyber incident reports in H1 2023, up 10% compared to H1 in 2022.
  • Twice as many ransomware incidents were reported in H1 2023 (19) compared to the same period in 2022.
  • Nearly a third of all cyber incidents reported in H1 2023 were categorized as ransomware (31%). This percentage is up from 11% in H1 2022.
  • Far more cyber incidents are reported to the FCA in March than in any other month. Since 2021, 12.8 reports, on average, have been submitted in March. December is the quietest month for FCA cyber incident reports (2.5).

Dr. Suleyman Ozarslan, Co-Founder and VP of PicusLabs, said:

“Ransomware remains a scourge for every sector and every security team. Our data reflects a common pattern seen in recent years. Ransomware gangs burst onto the scene, scale up their campaigns, and put a target on their backs. After the coordinated crackdowns and arrests from global government agencies, ransomware activity can start to die down until the next group looks to fill the void left by their predecessor. The first six months of 2023 was a hectic period for financial services security teams. This sector has always been one of the biggest targets for both politically and financially motivated cybercriminals. Cl0p Ransomware, for example, is known to target major banks.”

As noted in the update:

“Two major Microsoft vulnerabilities may have also contributed to more incidents than usual this year, as was the case in 2021 when the Hafnium hacking group was actively exploiting another Microsoft Exchange Server bug. The increasing complexity of malware deployed by adversaries may also be a factor. The Picus Red Report 2023 found that modern malware is now capable of performing far more actions across the cyber-kill chain, to more effectively evade defences. More than one-third of malware samples exhibit more than 20 individual Tactics, Techniques and Procedures.”

The report also mentioned that the numbers for “the first half of 2023 are also far higher than the second half of 2022 when cyber incident reports almost ground to a halt by the end of the year. It is interesting to see such consistently low numbers in December. A slight decline in cyber incident reports would reflect the fact that many people are away from the office, but there is such a sizable gap between December and January figures.”

As stated in the report:

“We know that breaches happen all year round, so the numbers should fall off a cliff in this manner. I don’t know which is worse, if security teams don’t discover incidents in December, or if they choose not to report them until after the holidays.”

Methodology

As part of the FOI request process, Picus received “month-by-month data on the number and type of incidents reported to the FCA by financial organizations. This information can be compared to previous FCA data breach statistics, including Picus FOI requests for FCA data in 2021 and 2022.”

The FCA regulates the activity of “more than 50,000 UK financial services firms. If any of these businesses suffer a material cyber incident, they must notify the FCA immediately.”

According to the FCA, a material incident is defined as a cyber incident that:

  • Results in significant loss of data, or the availability or control of its IT system
  • Impacts a large number of victims
  • Results in unauthorized access to, or malicious software present on, its information and communication systems.

