LONDON (Reuters) - Britain’s Financial Conduct Authority will punish firms that are failing to get the basics right on cyber defenses, or whose botched IT projects harm consumers, a senior official at the markets watchdog said on Tuesday.
Outages at banks such as TSB have left thousands of customers without banking services and this month British lawmakers opened an investigation into such incidents.
“On the basis of the data that the FCA is currently collecting, we see no immediate end in sight to the escalation in tech and cyber incidents that are affecting UK financial services,” Megan Butler, the FCA’s executive director of supervision, told a Bloomberg event.
The watchdog surveyed nearly 300 regulated firms between 2017 and 2018. In the year to October, the firms reported a 138 percent rise in technology outages, and an 18 percent increase in cyber incidents.
Under-reporting of incidents is probably still a problem, with many linked to an “over-confidence bias” at banks about managing major IT changes, Butler said.
“All the trends that we’re seeing at the moment suggest an increasing threat to UK customers, and financial markets, from technology outages and cyber attacks,” Butler said.
Regarding cyber attacks, the FCA is seeing “serious vulnerabilities” in areas such as identification of key assets, information and detection, she said.
Many firms were still trying to get the basics right on cyber, with a third not performing regular assessments.
“Do you respond properly? Do you escalate it? Do you keep it quiet for six months while trying to sort it out? That will be a very poor outcome,” Butler said. “Yes, we will absolutely take action if we see inappropriate responses and inappropriate protection being taken.”
Boards of financial firms need to have enough skills and understanding of technology issues, she said.
After misconduct scandals at banks, such as attempted manipulation of the Libor interest rate benchmark and currency markets, Butler said the industry’s culture was improving.
“Anyone who thinks they have got the job done have failed,” she said.
Firms were also recognizing they need to deal with issues such as sexual harassment in a more sophisticated way than they have done in the past, Butler said.
Reporting by Huw Jones; Editing by Matthew Mpoke Bigg and David Stamp