By Fergus Lemon, PWC

‘On Wednesday night, law enforcement officials contacted our offices and alerted us that hackers had sought and gained unauthorized access to some of our customers' data.

Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. As a precaution, we strongly recommend that you change the password of your account, and other accounts where you use this password.’

This is an extract from an email I received in February 2014, over a year on and it is still one of the things that I associate most with the company in question. Fortunately for that company, I think it provides an excellent service and I can therefore forgive this breach of trust. The fact that my credit card data was not accessed probably helps.

Cyber security, or lack of it, is a real concern in the world we live in. As mentioned in my last article, we share a lot of information online, we spend more time online across a range of devices than ever before and we have online accounts with a broad range of companies. A recent survey, commissioned by Experian, revealed that the average adult in the UK has 19 online accounts but an average of only seven different passwords[1]. These behaviours alone leave us vulnerable to malicious actors.

The rise of alternative finance in the UK could leave us even more vulnerable – at present there are over 70 platforms across the P2P and crowdfunding marketplaces in the UK and it is not unconceivable that an individual (or business) might want accounts with multiples platforms. I have memberships with five of them. Furthermore we share some of our most sensitive data with these platforms: personal and financial. Will you use the same password you use for everything else?

The alt fi platforms have a lot of responsibility when it comes to keeping our data safe and are accordingly bound by various UK and EU data protection laws. However, recent weeks have shown that even large companies with the best intentions and substantial IT budgets can fall prey to hackers. In February, Kaspersky Lab reported that a criminal gang had stolen £650m from financial institutions throughout the US, China and Europe via a well-executed cyber-attack[2]. I think it is a matter of when, not if, a major UK platform will suffer a hack and the subsequent loss of customer information.

Of course, this risk is not going unnoticed by senior management in the broader financial services sector. In a recent global survey, more than 70% of FS CEOs highlighted cyber threats and lack of data security as a key threat to growth[3]. Furthermore, PwC’s cyber security teams work with a large number of companies in the FS sector.

What I find encouraging for the alt fi industry is that we (PwC) have already been engaged to perform penetration testing and insider threat analysis on ten different platforms and it was also a hot topic of discussion amongst the many CEOs at the recent European Alt Fi Summit.

In conclusion, online financial services providers are always going to be high priority targets for hackers due to the nature and value of the data they hold. We all play a part in protecting ourselves online with strong and varied passwords and alt fi platforms should all be ensuring that they are as resilient as possible to cyber-attacks – failure to do so will likely result in the failure of their platform.

For more information please don't hesitate to contact Fergus on 

[1] 5 tips to beat the online cyber-criminals, June 2014, available at-

[2] Banking bosses say a cyber-attack is amongst their biggest fears, February 2015, available at:

[3] 18th Annual Global CEO survey, PwC, available at:

<< Back to All Articles