On 8 March 2019, the FCA published a report on industry insights into cyber security.

The FCA notes that since 2017, it has brought together over 175 firms across different financial sectors to share information and ideas from their cyber experiences. The FCA runs Cyber Coordination Groups (CCGs) with the industry to help improve cyber security practices amongst members of the CCGs and their sectors. The CCGs have been discussing and sharing practices in the following areas: governance; identification; protection; detection; situational awareness; response and recovery, and testing.

The report collates the examples shared by firms and sets out those the FCA considers to be beneficial for a wider audience under each of these themes. The FCA hopes the practices and experience of the groups help those firms not already involved when considering where to prioritise their efforts in increasing cyber resilience.

The report should not be considered FCA guidance. It does not set out what the FCA’s expectations in terms of what systems and controls firms should have in place to comply with our regulatory requirements.