Full Report
A Hack The Box Freedom of Information request has shown a significant drop in cyber-attacks reported to the Financial Conduct Authority (FCA) in 2024
Analysis Summary
# Incident Report: Reduction in Cyber-Attack Reporting by UK Financial Firms
## Executive Summary
The number of cyber-attacks reported by large UK financial institutions to the Financial Conduct Authority (FCA) saw a marked decrease of 53% in the period ending October 21, 2024, compared to the full year of 2023. This positive trend is attributed, in part, to heightened cybersecurity preparedness driven by the FCA’s operational resilience mandate, although experts caution that increased attacker sophistication might also contribute to reduced detection rates.
## Incident Details
- **Discovery Date:** Data analyzed and shared on December 9, 2024.
- **Incident Date:** Reporting covers January 1 to October 21, 2024, compared against January 1 to December 31, 2023.
- **Affected Organization:** Large UK financial institutions regulated by the FCA.
- **Sector:** Financial Services (UK).
- **Geography:** United Kingdom.
## Timeline of Events
### Initial Access
- **Date/Time:** Data collection period spans January 1 to October 21, 2024.
- **Vector:** Not detailed as this report focuses on aggregate statistics rather than specific breaches.
- **Details:** 101 incident notifications received by the FCA by October 21, 2024, down 53% from the previous year.
### Lateral Movement
- Not applicable/Not detailed in the aggregate report.
### Data Exfiltration/Impact
- **Details:** Data breaches tied to cyber incidents decreased by 29%. Incidents targeting third-party providers dropped by 37%.
### Detection & Response
- **How it was discovered:** Data gathered via a Freedom of Information (FOI) request submitted to the FCA.
- **Response actions taken:** The decline coincides with a greater emphasis on cybersecurity preparedness under the FCA’s operational resilience mandate, which requires impact tolerance setting, vulnerability testing, and crisis simulation.
## Attack Methodology
*Note: Since this is a reporting trend analysis, the methodology describes factors influencing the **reported** attack landscape, rather than a single intrusion's specific steps.*
- **Initial Access:** Attack vectors are not specified, but the decrease suggests improved preventative controls or the use of more sophisticated attacks that evade current defenses.
- **Persistence:** Not detailed.
- **Privilege Escalation:** Not detailed.
- **Defense Evasion:** One expert (Lucas Kello) suggested this as a possible cause of the reporting drop, implying attackers are becoming better at avoiding detection.
- **Credential Access:** Not detailed.
- **Discovery:** Not detailed.
- **Lateral Movement:** Not detailed.
- **Collection:** Not detailed.
- **Exfiltration:** Reported data breaches tied to cyber incidents decreased by 29%.
- **Impact:** Overall cyber-attack reports fell by 53%.
## Impact Assessment
- **Financial:** Not specified, though compliance requires firms to make further financial investments by March 31, 2025.
- **Data Breach:** Reported data breaches tied to cyber incidents decreased by 29%.
- **Operational:** Associated incidents regarding third-party providers decreased by 37%.
- **Reputational:** Not directly assessed, but improvement in reporting signals better security posture management.
## Indicators of Compromise
*Note: No specific IoCs were provided as this is a regulatory data analysis, not a post-incident forensics report.*
- **Network indicators:** None available.
- **File indicators:** None available.
- **Behavioral indicators:** None available.
## Response Actions
- **Containment measures:** Not detailed, but likely improved via FCA mandates.
- **Eradication steps:** Not detailed.
- **Recovery actions:** Mandated crisis simulation exercises are part of the regulatory improvements contributing to better posture.
## Lessons Learned
- **Key takeaways:** Increased regulatory focus (FCA operational resilience mandate) appears to be driving improved cybersecurity preparedness among large UK financial firms, resulting in fewer reported incidents.
- **What could have been done better:** Experts caution against complacency, noting that the drop might reflect attackers using more sophisticated methods that make breaches harder to detect, rather than a pure reduction in threats.
## Recommendations
- **Prevention measures for similar incidents:** Financial firms must continuously develop proactive security measures and must not become complacent due to good statistical trends. Firms should continue to invest in operational resilience as required by the FCA mandate (due by March 31, 2025).