Information on cyber attacks and data breaches reported to the FCA - October 2023

A.    Please can you provide information on the total number of material cyber incidents reported to the FCA between the period 1st January 2023 and 30th June? Please provide this data broken down by month. 

B.    Of the total number of material cyber incidents reported (answer to question A), how many of these were cyber-attacks? Please provide this data broken down by month. 

C.    Of the total number of material cyber incidents reported (answer to question A), how many contained notifications where the confidentiality of company or personal data may have been compromised or breached? Please provide this data broken down by month. 

D.    Of the total number of material cyber incidents reported (answer to question A), can you provide a breakdown of the attack type eg. 3rd party, malware, phishing and ransomware? Please provide this data broken down by month

A. There were 51 individual cyber incident firm notifications made to the FCA during the period 1 January 2023 to 30th June 2023. Our full response including the requested breakdown is set out in the attached Annex B.

B. There were 51 individual firm notifications made to the FCA during the period 1st January 2023 to 30th June 2023 that had a root cause of cyber-attack. Our full response including the requested breakdown is set out in the attached Annex B. To note, since our previous FOI response (under our reference FOI8954), we have expanded our cyber-attack taxonomies to cover DDOS attacks, spoofing and insider thefts. Therefore, the tables provided in response to questions A, B and D reflect the same data as we do not differentiate between a cyber incident and a cyber-attack when recording incidents, as previously.

C. There were 6 individual firm notifications of a data breach resulting from a cyber incident made to the FCA during the period of 1st January 2023 to 30th June 2023. Our full response including the requested breakdown is set out in the attached Annex B.

D. Our full response of the breakdown of attack type from for cyber incidents reported to the FCA during the period 1st January 2023 to 30th June 2023 is set out in the attached Annex B.