FCA cyber review: many firms must do more
The FCA has carried out a review of a sample of 20 firms in the asset management and wholesale banking sectors (details here).
The FCA highlighted the following observations:
- Many firms need to do more to ensure that cybersecurity decisions taken by the Board and Management Committee are based on careful consideration of the cyber risks arising from the nature, scale and complexity of the firm's activities and its risk profile
- Firms should take proactive steps to foster a security-centric culture that turns cyber from an IT issue into an organisation-wide priority
- All three lines of defence should be clear about their roles and responsibilities for managing cyber risk, and the second and third lines should possess a suitable level of knowledge, skill and expertise to challenge the first
- The FCA would like to see firms carry out in-depth reviews of key third-party service providers' controls as part of their broader cyber-risk assessment frameworks
- Incident management plans did not always appear to reflect the full range of likely impacts of a successful cyber-attack
You can benchmark and refine your organisation's approach to cyber security by attending our public course, Cyber Security for FCA Regulated Firms. Alternatively, why not run a tailored workshop in-house at a time and place to suit your business and people. Please call 0330 303 9779 or email firstname.lastname@example.org to discuss your requirements in confidence and at no obligation.