Information on cyber breach incidents reported to the FCA - February 2026

1. How many cyber breach incidents did regulated firms report to the FCA in the full financial year of 2024/25?
2. How many came from insurance intermediaries?
3. How many cyber breach incidents did regulated firms report to the FCA in the close of the 2025 calendar year?
4. How many of those reports came from FCA authorised general insurers and intermediaries?
5. How many came from insurance intermediaries?

Please note that we do not categorise information by the term ‘cyber breach’. Therefore, for the purposes of this request, we limited our search to incidents logged by the terms ‘cyber’ and ‘cyber-attacks’ and will refer to these as cyber incidents.

We can confirm that we hold centralised records on material operational incidents reported to the FCA by individual firms under SUP 15.3 and Principle 11. This includes incidents that are a result of cyber-attacks.

These figures do not include incidents at FCA-regulated firms that have not been reported directly to the FCA.

Please note that all data/information is accurate as of the 4th of February 2026 and is subject to change where there are ongoing investigations of incidents and root causes.