The UK Financial Conduct Authority (“FCA”) has carried out a multi-firm review of cybersecurity practices with a sample of 20 firms in the wholesale banking and asset management sectors (the “Report”). The review aimed to look more closely at how wholesale banking and asset management firms oversee and manage their cybersecurity, including the extent to which firms identify and mitigate relevant cyber risks and their current capability to respond to and recover from data security incidents.
The Report provides a number of useful takeaways for all firms to consider in relation to their cybersecurity management. As a general theme, the FCA acknowledges that whilst all firms understand the importance of strong cybersecurity, significant divergences remain in practical cyber risk management. The FCA is clear that firms should be taking proactive steps to foster a security-centric culture where cybersecurity is no longer seen as just an IT issue, but it is instead an organisation-wide priority. Key points highlighted by the FCA’s Report on methods for organisation-wide cyber risk management are:
- Understanding and managing the cyber risks your firm faces – whilst the FCA…
