FCA Identifies Cybersecurity as Top Risk in 2017/18 Business Plan

April 24, 2017

The FCA identified cybsersecurity as a top priority in their recently published 2017/18 Business Plan. In the plan, FCA Chairman John Griffith-Jones said, "Of the increasing risk areas that we have identified, one in particular stands out – cyber resilience. Cyber-attacks are increasing in number, scale and sophistication."

The FCA calls for firms to adopt robust processes, adequate resourcing and effective governance with respect to technology, and to “build and enhance their capability to defend against, and respond quickly and effectively to, cyber-attacks.” The FCA has formed a Cyber Specialists team to oversee the management of cyber risk at finance firms and has developed a ‘practical cyber resilience toolkit’ to give them a better overview of a firm’s cyber-resilience capabilities.

The FCA has already deployed this toolkit and plans to use it across a much larger number of finance firms in 2017/18. They’ve also established cross-sector cyber coordination groups to allow firms to collaborate and expect more reporting from firms to the FCA regarding tech resilience and cyber incidents.

For FCA's 2017/18 Business Plan, see: https://www.fca.org.uk/publications/corporate-documents/our-business-plan-2017-18

For FCA's approach to cyber security in financial services firms, see: https://www.fca.org.uk/news/speeches/our-approach-cyber-security-financial-services-firms


How ACA Aponix Can Help

ACA Aponix can help clients build cybersecurity programs in accordance with industry best practices and regulatory requirements. ACA Aponix’s core offering includes risk assessments, written information security programs, staff awareness programs (phishing and training), network testing, threat intelligence and vendor due-diligence. The UK-based ACA Aponix team has experience with FCA (and GDPR) requirements and can provide guidance to both European-based and US-based advisers. 

Please contact info@acaaponix.com with any questions or for further information on how we can assist you with addressing cybersecurity risk.