Article April 16, 2019

FCA report highlights need for better cyber resilience

The Financial Conduct Authority (FCA) regulates financial firms and maintains integrity in the UK’s financial markets. Here’s what their report found:

According to the UK’s financial regulator, cyber resilience is a top concern for most of the 300 financial services firms they spoke to when compiling Cyber and Technology Resilience: Themes from cross-sector survey 2017/2018. However, the report also found an 187% increase in reported technology outages to the FCA, with 18% of all the incidents reported to them to be cyber-related.

In a speech she gave to Bloomberg following the report’s release, Megan Butler, Executive Director of Supervision at the FCA, explained that the governing body sees “no immediate end in sight” to the prevalence of technology failures and cyber incidents. But she also explained that the FCA doesn’t expect zero-failure, only that firms gain a better understanding of the data they hold, the systems they use, the backups they create, and crucially, the human risk element in all of these things. 

The FCA sees no immediate end in sight to the prevalence of technology failures and cyber incidents. Megan Butler, Executive Director of Supervision at the FCA

“The true test of the resilience of UK finance is not the absence of incidents. It’s how well incidents are managed. So from the FCA perspective, the really important questions are along the following lines. Are firms operating strong lines of defence? Are firms resolving issues swiftly? Are firms responding to emerging threats? Are firms managing third parties effectively?”

It is expected that cyber resiliency will make up part of the FCA’s supervision going forward. Concerns to be addressed include the lack of ownership of cyber risk at board level within many firms, the use of unsupported hardware and software, lack of employee training on cyber risk, and the failure of third parties used by financial institutions to address any of the above.

To access a summary of the survey’s themes, click here.

To view a ransomware infographic produced by the FCA, click here.

Finally, to read Megan Butler’s full speech, click here.