Financial advisers and pension providers have been shown to report just a handful of data breaches to the FCA over the past four years.
FCA records obtained under the Freedom of Information Act show that, between March 2013 and May 2017, there were just two data breaches reported by financial advisers.
Under FCA rules, firms must report to the regulator when data breaches occur.
Pension providers reported just one data breach over the period.
Lenders, however, reported 15 breaches and insurance companies had nine reported breaches.
The data breaches include loss of customer data, either wilfully or through theft or security shortcomings, where disks with customer data were lost in transit, or where firms fell victim to cyber-crime.
The breaches only cover those reported to the FCA, however. Data from the Information Commissioner’s office shows the total financial services data breaches reported to the organisation rose from 114 to 140 in the year to the end of March 2017.
The number is almost double the 76 reported to the ICO in 2013-14.
Under the General Data Protection Regulation, which comes into force next May, the ICO will have to receive a report of a data breach within 72 hours.