On 8 March 2022, the FCA published a new webpage stating that although the National Cyber Security Centre (NCSC) is not aware of any current specific cyber threats to the UK following events in Ukraine, firms should be vigilant.
The FCA recommends that firms should review the NCSC’s guidance outlining actions all organisations should consider in response to the current situation. The FCA also encourages firms to review the NCSC’s Cyber Essentials scheme.
The FCA mentions that firms should:
- Consider their ability and the ability of their third party providers to withstand a cyber-attack.
- Take all appropriate steps to shore up their controls, including raising staff awareness that may, for example, include re-running staff ethical phishing campaigns.
- Consider if their staffing levels are appropriate to deal with an elevated cyber risk.
- Consider the implications of the continuing unrest and UK/US/EU sanctions and how that might impact it and its third-party providers including whether this could affect the delivery of important business services.
- Ensure that their business continuity and incident management arrangements are up to date, ensuring that the firm can continue to function and meet its regulatory obligations in the event of unforeseen disruption.
- Be ready to report material operational incidents to the FCA in a timely way.