FCA imposes £16.4 million fine for cyber security failings
The FCA fined Tesco Personal Finance (Tesco Bank) £16.4 million under Principle 2 of its Principles for Businesses for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber attack in November 2016.
The regulator reminded firms: 'Cyber security requires resilience. A financial institution’s board is ultimately responsible for ensuring that its cyber crime controls are designed to meet standards of resilience. The board must set an appropriate cyber crime risk appetite and ensure that its institution’s cyber-crime controls are designed to anticipate and reduce the risk of a successful attack. Where an attack is successful, the board should ensure that the bank’s response plans are clear, well designed and well-rehearsed and that the bank recovers quickly from the incident. Following an attack the financial institution should commission a root cause analysis and understand and ameliorate the vulnerabilities that made the institution susceptible to the attack to reduce the risk of future attacks.'
You can help protect your business and clients against cyber attack, and make sure your organisation is meeting regulatory expectations in this high-profile area, by attending our course on Cyber Security for FCA Regulated Firms on 4 December in London.