In 2018, companies reported 145 breaches, compared to 25 from the previous year.
The FCA said investment banks reported the most incidents, at 34, up by three in 2017.
Retail banks reported 25 breaches compared to the 1 in 2017, according to data acquired by law firm RPC via a freedom of information request.
RPC said that cybercriminals could be targeting investment banks in the belief that their security systems are less sophisticated than those of retail banks.
Hackers may also be seeking data on sensitive topics such as mergers and acquisitions that could be used for insider trading.
In the US, for example, the US regulator SEC is investigating a number of insider dealing cases that relate to cyber breaches.
Insurers reported 33 breaches in 2018, up from seven in 2017, while consumer retail lending firms reported 21 breaches in 2018, up by four from the previous year. Retail investments firms reported 11 breaches in 2018, up from none in 2017.
In June 2018, the first month after the new GDPR rules came into force, financial firms reported 20 data breaches.
Richard Breavington, a partner at RPC and head of their cyber insurance and breach response team, said: “Banks remain a top target for cybercriminals. The figures suggest that the banks are suffering data breaches on a frequent basis.”
“The increase in reports, however, does show that the financial services industry is now taking cybersecurity more seriously than ever,” Richard said.
“The financial and reputational fallout from a data breach can be serious for a business of any size. They must be ready to defend against – and respond to – breaches as efficiently as possible.”
Last April, several reports surfaced online, stating that seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank, had to shut down or limit their systems after sustained attacks cost them hundreds of thousands of pounds to fix their systems.
In October, for example, Tesco was fined £16.4m by the FCA as a result of a hack in 2016 that saw £2.26m stolen from current accounts.
RPC’s Brevington said that less than 100 cybercriminals were prosecuted under the Computer Misuse Act annually, which is significantly low, especially when you look at the higher number of cyber-crimes being reported across all industries.