Fintech is one of the fastest growing sectors in the UK. Figures from a recent report into the State of Fintech by Innovate Finance highlight the significant rise in total investment and number of deals in digital tech companies up from £984 million in 2012, spread over 870 deals to £3.3 billion in 2016 over 2645 deals. Leading companies in the space have had international success, with Revolut, for example, gaining over 6 million customers in the UK, Europe and the US, and a valuation of $1.7 billion.
Attacks on the rise
However, global prominence can often act as a magnet for malicious actors. Fintech firms, much like their counterparts in the ‘traditional’ finance industry, are an attractive proposition for those looking to gain access to personal information.
Because of the nature of their services, Fintech companies hold a wealth of personal data, including highly sensitive financial information. The value of this data has, perhaps predictably, led to an upswing in the number of attacks. A 2018 cybercrime costs report from Accenture and the Ponemon Institute found that the average number of breaches per financial services company has more than tripled over the past five years. Up from just 40 in 2012, to 125 in 2017.
These breaches can have serious economic consequences. The Cyber Security Breaches Survey 2019 found the mean annual cost of for medium and large organisations that lost data after a breach to be £9,270 and £22,700 respectively. Furthermore, organisations should also be mindful of potential follow on costs post-breach in the form of regulatory fines and compensation settlements.
The larger the organisation, the more significant the cost. The credit bureau Equifax, for example, who discovered a critical data breach back in 2017 saw a 49% drop in their income the following year. The investigations triggered by the company’s admission of failure led to further costs in the form of a £500,000 fine from the UK’s Information Commissioner’s Office (ICO) and, more damagingly, a $650 million fine from the US regulators including the Federal Trade Commission and the Consumer Financial Protection Bureau.
Cyber Security as a commercial necessity
To help avoid such costs, therefore, it is essential the Fintech organisations adopt appropriate cyber security controls to safeguard consumer data. While the Equifax fine is a positive step, it is worth remembering, despite the sizeable sum, that it represents only a drop in the ocean for a firm with a revenue of $3.4 billion in 2018 alone. Smaller organisations may well not be as financially fortunate, and especially for start-ups, any breach could prove fatal.
Yet there is also a more positive reason for up and coming Fintech firms to prioritize cyber security. Consumers increasingly care about how their personal data is being used. In their one year review of GDPR, the ICO noted that there had been a 66% increase (over 470,000 in total) in the number of queries they had received from businesses, organisations, and individuals. They also reported a jump in the number of data protection concerns from the public, having received 41,000 in 2018/2019, compared to just 21,000 the year before.
Therefore companies that embed cyber security best practice in their operations from the beginning can use this as a competitive advantage. Highlighting their commitment to keeping client data secure to help attract and retain customers.
Read more of our blogs on Cyber Security here!