To gain a better understanding of the industry’s resilience, we surveyed 296 firms during 2017 and 2018 to assess their technology and cyber capabilities.
Note that we have updated the figure in paragraph 2.2 of the report to 187%.
Technology plays a pivotal and often innovative role in delivering and improving financial products and services to markets and customers. However, it can also lead to harm if not effectively managed or kept secure.
To gain a better understanding of the industry’s resilience, we surveyed 296 firms during 2017 and 2018 to assess their technology and cyber capabilities. The survey looked at key areas such as governance, delivery of change management, managing third-party risks and effective cyber defences. Firms self-assessed their capabilities and the FCA then analysed the responses for each firm and across sectors.
This report highlights the key themes from the self-assessment alongside data about the operational incidents firms have reported to the FCA. The report identifies areas of strength and those for improvement across all sectors.
We have also published the text for a speech that Megan Butler, Director of Supervision – Investment, Wholesale and Specialist, delivered at Bloomberg on 27 November 2018. This speech explores some of the key themes from the report, and looks at ways that firms can address cyber risk.
Alongside the report and the speech, we have published an infographic about how to react to a ransomware attack. Firms need to tell the FCA as soon as they know of ‘material’ cyber incidents which affect the firm. The infographic explores the steps firms can take to protect themselves, as well as points to consider when responding and recovering from an attack.
Who this applies to
The report, speech, and infographic are relevant for firms whatever their size.
In the report, we draw out the different responses from large and smaller firms and we encourage all firms to consider how our findings apply to them.
The information we’ve gathered supports our ongoing assessment of firms’ resilience, and helps to identify examples of good or poor practice. Key areas of focus that we have identified, such as third party management and change management, will be considered in our supervisory plans for 2019.