On 11 March 2020, the FCA published a web page providing the latest insights from its cyber co-ordination groups that were first brought together in 2017. These groups meet every quarter and allow firms to share knowledge of their common experiences and discuss best practices in their approach to cyber security.
Each cyber co-ordination group represents a specific sub-sector. In 2019, these sub-sector groups came from: insurance, fund management, investment management, retail banking, retail investments and lending, brokers and principal trading firms, and trading venues and benchmark administrators. Firm participation has grown from 175 firms in 2018 to over 185 firms in 2019.
On the web page, the FCA summarises the latest discussions under four themes. The first theme, Cyber Risks, addresses high-level risks discussed each quarter using a ‘Cyber Risk Radar’, which tracks the threat to each sector. Firms discussed the most concerning risks in greater depth, and how they could mitigate or manage these risks. The output from these discussions is highlighted under three themes: identity and access management, third parties and supply chain, and malicious emails.
The information on the FCA web page is not FCA guidance. It does not set out the FCA’s expectations for systems and controls that firms should have in place to comply with its regulatory requirements.