The FCA has published a summary of some of the main insights gained from the quarterly meetings of its Cyber Coordination Groups (CCGs) over the past year.
Recognising that cyber threats and their associated harms represent a complex and evolving challenge for the sector, the FCA has been bringing financial services firms together since 2017 to collaborate in groups on cyber security and operational resilience issues.
The CCGs help firms share knowledge and best practice. During 2020, the FCA convened 157 firms across seven CCGs, dedicated variously to: Insurance, Investment Management, Fund Management, Retail Banking and Payments Firms, Retail Investments and Lending, Brokers/Principal Trading Firms, and Trading Venues/Benchmark Administration Firms.
CCG member firms have encountered a wide range of challenges over the past year, including ransomware attacks, denials of service, cloud security issues, insider threats, and problems around supply chain oversight and security. Emerging issues in the world of cyber-security, identified by CCG firms included Zero Trust Security models and Artificial Intelligence.
There was general agreement that the recent shift to increased remote working has put additional strain on cyber-security systems and teams, requiring firms to re-evaluate and recalibrate their cyber risks and controls. Increased working away from company premises has also exacerbated the challenges posed by ransomware, supply chain security, and insider threats.
Participants identified fourth-party supply chain and Cloud Service Provider (CSP) risks as significant challenges, and shared a range of potential mitigation strategies. Shared assurance models were singled out as promising potential improvements in how firms assess supply chain risk.
You can read the full 4000-word report on the FCA website by clicking here.
For further details on this story, or any other compliance-related topic, contact our expert team on 01925 767888, or email helpline@ukgigroup.com.