Major Drop in Cyber-Attack Reports from Large UK Financial Businesses
The number of cyber-attacks reported by large finance institutions to the UK’s Financial Conduct Authority (FCA) has fallen 53% in 2024 compared to 2023.
This is according to data shared by cybersecurity training platform provider Hack The Box on December 9 following a Freedom of Information (FOI) request.
This data compares two periods, from January 1 to December 31, 2023, and from January 1 to October 21, 2024.
Between January 1 and October 21, 2024, the FCA received 101 incident notifications from regulated firms – a 53% drop compared to the whole of 2023 (January 1 to December 31, 2023).
Notably, incidents related to a cyber-attack against third-party providers have dropped by 37%, while data breaches tied to cyber incidents have decreased by 29%.
Haris Pylarinos, CEO and Founder at Hack The Box, said the fall in attacks coincides with much greater emphasis on cybersecurity preparedness in the finance industry – including continued tightening of the FCA’s operational resilience mandate.
Under the current rules, regulated firms must set impact tolerances, use testing to identify vulnerabilities, conduct crisis simulation exercises, and develop robust internal and external communication plans. By March 31, 2025, organizations must make further financial investments to sustain compliance.
“There has been a conscious effort to factor preparedness and response into new FCA regulation, and on the surface, it appears that these efforts have, at least partially, helped,” Pylarinos added.
Meanwhile, Lucas Kello, Associate Professor of International Relations at the University of Oxford, said the drop might also reflect increasing sophistication in cyber-attack methods that enable attackers to evade detection.
“Avoiding complacency is key. Financial firms must continuously develop proactive security measures,” he said.