The FCA has published a new web page on cyber resilience containing relevant materials.
Among other things the FCA reminds firms that under Principle 11 they must report material cyber incidents. A firm may consider an incident material if it:
- results in significant loss of data, or the availability or control of IT systems;
- impacts a large number of victims; or
- results in unauthorised access to, or malicious software present on, information and communication systems.
View Cyber resilience, 18 May 2018