The FCA has published a speech given by Nausicaa Delfas (Director of Specialist Supervision at the FCA). The speech is entitled Our approach to cyber security in financial services firms.

Key points in the speech include:

  • having focused on the largest providers, the FCA is now turning its sights more specifically to the broader population of firms it regulates. It will deploy a proportionate approach, ranging from communications and self-help for all firms to a more intensive supervisory approach with individual firms;
  • what the FCA is looking for is a ‘security culture’ in firms of all sizes – from the board down to every employee. Cyber is not just an IT issue, but covers people, processes and technology. The key is: good governance, identification and protection of key assets, detection, response and recovery and information sharing, with the regulator and other parties; and
  • key emerging risk areas the FCA is looking at include: ransomware attacks, data storage and the skills gap in cyber. On data storage it is noted that as more firms move to the cloud, they need to be aware that they adopt the cloud provider’s threat profile, as well as their own. The FCA recently issued cloud guidance to firms which lays out the regulator’s expectations on this subject. Our blog entry is here.

View Our approach to cyber security in financial services, 22 September 2016