Operational incidents show no signs of abating: in recent years, there have been a number of high profile cyber-attacks by third parties, as well as IT incidents such as those resulting from system updates and migrations. Certain of these have attracted regulatory attention and in this final part of our three part series on operational resilience we draw out key learnings regarding the expectations around operational resilience from enforcement cases in this area: