Cybersecurity - industry insights from the FCA

The Financial Conduct Authority has just published an Industry Insights document on cyber security. Whilst not containing any formal guidance or rules, the Insights highlight the risks of cyber attacks to FCA-regulated firms and confirm industry best practice around the key areas relating to cyber resilience: governance, identification, protection, detection, situational awareness, response and recovery, and testing.

Previously, the FCA has focused on cyber resilience, advising organisations to develop a culture of security and to ensure they are able to identify and prioritise their information assets. The Industry Insights document builds on this to highlight that no “one size fits all approach” to cyber security can apply. It explains that much will depend on firms understanding their own business in order to have a clearer picture of the potential threats. Further, there is no replacement for firms adhering to existing security configuration standards such as CIS Benchmarks and guidance from the National Cyber Security Centre.

The guide also sets out practical steps for all organisations including:

  • implementing effective cyber security policies, procedures and controls

  • delivering cyber security training

  • proactively managing third-party suppliers

  • investing in encryption