Are you protecting your firm against hacking? - Thistle Initiatives

Written by Thistle Initiatives - Compliance consultancy | Feb 17, 2020 12:00:00 AM

What’s happening?

In an increasingly online world, hacking is an ever-present threat for businesses of all types and sizes. The term hacking typically refers to individuals with some expertise in programming using their skills to gain unlawful access to sensitive data without the consent of the data owner. Hacking is illegal and offenders will be prosecuted whenever apprehended.

The impact of hacking

The list of major businesses hit by hacking grows longer by the day. Recent victims include Facebook, British Airways, TalkTalk, Equifax, Yahoo and Sony. Beyond these headline-grabbing cases, countless lower-profile businesses suffer at the hands of hackers.

The case of Travelex

On 31 December 2019, cyber criminals hacked into the systems of foreign exchange company Travelex. Travelex had to shut down their systems and carry out forex transactions manually, resorting to pen and paper. Holidaymakers across the UK and worldwide saw their money frozen as a result.

The Travelex hack had knock-on consequences for other financial services businesses. High street banks like Barclays, Royal Bank of Scotland and HSBC all rely on the Travelex platform. Travelex has insisted that it saw no evidence of customer data being compromised. But damaging reports suggested hackers had demanded cash in return for not selling off 5GB of customer data via the dark web.

Assuming Travelex had appropriate cyber insurance in place, this would have offset some of the costs of their financial losses and investigations into the extent and consequences of the attack. But a standard cyber policy would probably not cover all the costs of making good a compromised IT system – nor the potentially massive reputational damage such an event can inflict.

In the wake of the hacking attack on Travelex, its parent company Finablr saw its shares plummet on the London Stock Market, with other Finablr group companies around the world also potentially affected.

Data breach damage

Whenever hacking leads to data theft, there’s a high risk the company hacked will be found guilty of IT management practices falling below those required by UK data protection regulations. Data breach fines can be as much as €20 million – or 4% of the company’s global revenues. British Airways was fined a hefty £183 million in 2019.

Fines apart, a recent study by the Ponemon Institute put the average cost of a data breach at $158 per record, rising to $335 per record in the healthcare industry.

How can you avoid a data breach?

The three key steps in building a robust IT risk management strategy are as follows:

    • Ensure you’re compliant with all current regulations, including GDPR and the relevant FCA directives. It’s important to understand precisely which regulations apply to your business and to review this understanding whenever your operations change.
    • Put in place appropriate IT risk management, risk register, procedures management, and complaints-handling procedures. Set triggers to respond when any data breach occurs, backed by action plans to mitigate and remediate the immediate effects.
    • Constantly review new or updated regulations and implement any necessary response immediately.

How can we help you?

If you’d like to know more about how you can keep your firm safe from hackers and cyber criminals, our specialist payment services and financial crime team can help. We offer practical advice and support and can help you stay compliant with all applicable rules and regulations. We can also advise on how to guard against a wide range of other related issues, including money laundering, bribery and corruption, fraud and tax evasion.

To find out more, contact us today at info@thistleinitiatives.co.uk or call us on 0207 436 0630.