On 8 December 2022, the FCA published a new webpage providing insights arising from the discussions held at the FCA’s quarterly Cyber Coordination Group (CCG) meetings throughout 2021.

The webpage is split into three sections: the first highlights the cyber risk landscape, as well as emerging cyber risks discussed at the CCGs in 2021.

The key insights discussed include:

  • Malicious cyber actors targeting internet-facing systems such as email servers and virtual private networks with newly disclosed vulnerabilities, ransomware attacks using Remote Desktop Protocols and unpatched devices, denial of service attacks, and inadequate supply chain oversight leading to supply chain compromise.
  • The Covid-19 pandemic continued to impact the sector in 2021, with the challenges posed by remote and hybrid ways of working.
  • Emerging trends in cyber security risks, include supply chain compromise and exploit of zero-day vulnerabilities.
  • The importance of board engagement in setting the organisational cyber risk appetite. This also extends to board support in measuring the effectiveness of cyber security postures, and board assurance that supply chain partners effectively protect the information shared with them.
  • Several common good practices can be used for implementing security in the early stages of the software development cycle (also known as DevSecOps). This includes empowering rather than mandating security practices and giving access to security tools to the development teams.