By Sean-Francis Brown, Senior Information Security Consultant, Waterstons
The financial services industry has supported economies, created jobs, provided investment and enabled access to new markets for organisations across the world for decades.
With financial hubs spread throughout the UK, including Canary Wharf, Manchester, Leeds and Edinburgh, the industry is arguably the strongest pillar within our economy, going from strength to strength in the post-pandemic era. In fact, according to CityAM, the sector grew by 8% year-on-year in 2021, with total output exceeding a quarter of a trillion pounds (£261 billion).
But is that strength also the industry’s biggest weakness? As it becomes more prosperous, it also becomes a greater target for cyber criminals.
In the last decade, nearly all major financial services organisations have fallen victim to a cyberattack that disrupted their operations. In 2017, an attack on consumer credit reporting agency Equifax resulted in attackers stealing names, social security numbers, birthdates and addresses of 147 million US citizens in what is one of the largest data breaches of personal information ever known.
Last year saw what may have been the biggest theft in history, as hackers stole around $570 million in cryptocurrency from the exchange Binance.
But it’s not just the large organisations that are at risk and, unsurprisingly, regulators are becoming increasingly focused on the sector’s resilience – likely as a result of the increased threat landscape and how critical the industry’s services are.
Part of this regulatory response is the release of PS21/3 by the Financial Conduct Authority, which outlines a series of requirements for nearly all UK financial services organisations to comply with by 31 March 2025.
There has never been a more important time to protect the financial services industry – and economy – but as many organisations are unsure of the threat landscape, necessary precautions and strategies to be employed, the PS21/3 regulation creates a uniform framework to follow. Not only that, but it could support further accreditations such as Cyber Essentials Plus and ISO27001, which can create opportunities to appear on frameworks and generate significant projects and contracts.
With significant analysis and testing required, organisations are encouraged to act now to start the rollout of PS21/3 compliance, which arms businesses with self-assessment tools, resource mapping to understand current resilience, communication strategy creation and much more, to ensure full compliance by the March 2025 deadline.
By taking a three-phased approach through assessment, implementation and assurance, Waterstons is well-placed to support the financial services sector in understanding threat risk and current resilience position, and in developing strategies to protect data and assets into the future.
After all, no one wants to be responsible for a dip in the economy.
For more information, contact cyber@waterstons.com