21 Cybersecurity Statistics for UK Financial Services Organisations

Cybercrime remains one of the highest-impact risks for UK financial services firms.

Digitisation has improved service and efficiency, but it has also widened the attack surface across email, payments, and supplier access.

For board papers, risk registers, and client communication reviews, cybersecurity now sits alongside credit, conduct, and operational risk.

The statistics below mix UK-specific and global financial-sector research from named sources. Where a figure is global or dated, we note the scope so you can judge how it applies to your firm.

We've grouped 21 cited statistics on targeting rates, costs, phishing, ransomware, governance, and resilience, with links to the original reports.

Use the sections below to scan by theme, then follow the source links when you need the full report context.

Understanding the Risk

1. Financial services organisations are 300 times more likely than other companies to be targeted by a cyber attack, according to CIO Dive's 2019 analysis.

What The Research Shows

Financial services firms remain disproportionately targeted compared with other sectors - a pattern that still shapes threat modelling and control investment today (CIO Dive, 2019).

2. In McKinsey's 2022 sector survey, the number of cyber attacks reported since the pandemic rose by over 200%.

3. The banking industry saw a 1318% increase in ransomware attacks in 2021, according to Security Magazine's reporting on that year.

4. In the same McKinsey survey, cybersecurity risk is rated “extremely important” by more than 80% of bankers, ranking above all other operational risks.

"Boards are now expected to treat communication risk with the same seriousness as financial and conduct risk.

If phishing and mis-sent client data are not visible in risk reporting, firms can look secure on paper while everyday email workflows stay exposed."

Paul Holland, Founder and CEO, Beyond Encryption (Mailock)

Those governance shifts sit alongside rising incident costs in sector reporting.

Quantifying the Threat

When incidents land, recovery cost and duration often determine whether the impact stays operational or becomes regulatory and reputational.

5. In Accenture and Ponemon's 2021 analysis, the average cost of cybercrime for financial services was 40% higher than in other sectors.

6. Among financial services organisations that paid a ransom, almost 39% paid $1 million or more in Sophos's 2023 sector study, up from 5% the year before.

7. The average worldwide cost of a data breach in the financial sector was $5.9 million in 2022 - above the global average of $4.45 million (USD).

8. For 37% of institutions in McKinsey's 2022 survey, the average time to resolve a security issue exceeds three months.

Key Threats: Phishing

Brand impersonation and malicious email remain common routes into financial services environments, including firms covered in our financial services cybersecurity overview.

9. In 2020, HMRC reported a 73% increase in email phishing attacks targeting taxpayers.

10. In Vade's H1 2022 sample, financial services was the most impersonated industry for phishing, accounting for 34% of activity.

11. Phishing is the method of initial access in 46% of cyber attacks targeting financial services in McKinsey's 2022 survey.

"Phishing statistics are useful, but the operational question is whether staff can spot a plausible payment or document request before it reaches a client workflow.

Firms also need evidence of who opened sensitive email when something goes wrong."

Michael Wakefield, CTO, Beyond Encryption (Mailock)

Ransomware reporting shows how quickly encryption and payment decisions follow initial access.

Key Threats: Ransomware

Encryption and extortion continue to dominate sector incident reporting, with payment and recovery choices under board scrutiny.

12. In Trellix's January 2022 threat report, the banking and financial sector accounted for 22% of total ransomware attacks in the sample.

13. In Sophos's 2023 financial services study, 64% of organisations reported a ransomware attack, up from 55% the year before, and 81% had data encrypted in those incidents.

14. In VMware's 2022 financial-sector survey, 74% of financial leaders experienced one or more ransomware attacks, and 63% ended up paying the ransom.

Key Threats: System Attacks

Technical exploitation and availability attacks still feature heavily in sector threat data alongside social engineering.

15. In Akamai's 2021 finance sector analysis, one in three cyber attacks against financial institutions began with vulnerability exploitation.

16. In IBM's 2021 X-Force Threat Intelligence Index, Distributed Denial of Service (DDoS) attacks increased by 110% year-on-year in the financial sector.

Attitudes to Cybersecurity

Governance and investment priorities are catching up with the frequency of incidents reported in sector surveys.

17. 95% of board committees now discuss cyber risk four or more times a year, according to McKinsey's board-focused analysis.

18. Top cybersecurity investment priorities for CISOs in that report include Extended Detection and Response (24%), Workload Security (22%), and Threat Intelligence (15%).

How Are Firms Addressing Risk?

Accenture's 2021 UK financial services cyber resilience study highlights how maturity and tooling choices affect breach outcomes. Figures below are in USD from that research.

19. Firms that had mastered cybersecurity were nearly four times better at stopping breaches.

What The Research Shows

Accenture's 2021 UK study found that firms with stronger cyber maturity were nearly four times more effective at stopping breaches than peers (Accenture, 2021).

20. Modern systems and protocols can reduce breach costs by 72%, saving $273,000 per incident in the same study.

21. With an average of 22 incidents a year, those savings add up to $6 million annually for the average financial firm in that model.

Preparing Your Business

Keeping pace with threat data while running core platforms and client service is a constant pressure for providers, platforms, and intermediaries.

Email remains a common route for phishing, misdirected messages, and impersonation. Controls that sit alongside everyday sending can help reduce those risks without forcing every client onto a new portal.

For practical steps beyond the numbers, see our guide to cybersecurity best practices for financial organisations.

Mailock adds AES-256 encryption, recipient authentication, secure replies, and message tracking to email workflows used by advisers, providers, and their customers.

It supports individuals, teams, and enterprises that need to evidence who received sensitive information and how access was checked, including message logs and broader audit trails across the account.

 

FAQs

Which Cyber Risks Are Highlighted for Financial Services?

The article groups risks around phishing, ransomware, system attacks, attitudes to security, and board-level preparedness.

Why Do Statistics Need Context?

Figures help show scale, but firms still need to map them to their own systems, people, suppliers, and customer communication workflows.

How Should Firms Use Cybersecurity Statistics?

Use them to prompt practical reviews of resilience, training, incident response, and secure handling of customer information.

 

References

Cyberattacks Hit Financial Services 300 Times More Than Other Sectors, CIO Dive, 2019

The Cybersecurity Posture of Financial Services Companies, McKinsey, 2022

Cybersecurity Emerging Challenges and Solutions for the Boards of Financial Services Companies, McKinsey, 2022

Banking Industry Sees 1318% Increase in Ransomware Attacks in 2021, Security Magazine, 2021

Cost of Cybercrime Continues to Rise for Financial Services Firms, Accenture, 2021

The State of Ransomware in Financial Services, Sophos, 2023

Average Cost of a Data Breach in the Financial Sector, Statista, 2022

HMRC Sees 73% Growth in Email Phishing Attacks, Infosecurity Magazine, 2020

Phishers' Favourites: Top 25 for H1 2022, Vade, 2022

Threat Report: January 2022, Trellix, 2022

Modern Bank Heists 5.0: The Escalation from Dwell to Destruction, VMware, 2022

Phishing for Finance: State of the Internet Security Report, Akamai, 2021

Security X-Force Threat Intelligence Index, IBM, 2021

Financial Services Cyber Resilience Study, Accenture, 2021

Reviewed by

Sam Kendall, 30.05.26

This content is for general information only and is not legal advice.

 

Originally posted on 25 10 22
Last updated on June 5, 2026

Posted by:  Sabrina McClune

Sabrina McClune writes about cybersecurity, data protection, digital identity, and digital transformation for Beyond Encryption, helping regulated sectors understand complex technology and compliance topics with greater clarity.
