
FCA urges firms to disclose cyber-related problems in real time

Chris Hamblin, Editor, London, 7 December 2017


Megan Butler, a director at the UK's Financial Conduct Authority, has told the financial services industry that her organisation wants firms to tell it about cyber-breaches as soon as they happen.

Speaking at the ICI conference in London this week, Ms Butler did not identify any rule in the FCA's 'handbook' that compelled firms to do this but did seem to have some elements of FCA principle-for-business 11 vaguely in mind. This principle exhorts every firm to deal with regulators in an open and co-operative way and to tell them anything they could reasonably expect to be told.

She told delegates: "We absolutely expect all businesses to deal with us in an open, transparent manner. And this is an expectation that includes reporting of material cyber events. It is therefore essential we know about breaches in real time – as much as anything so we can support firms as they respond to an attack. If you aren’t sure if you need to tell us about an incident, please tell us anyway."

Ms Butler did not link these sentences up logically, or say whether she intended her nebulous hint at principle 11's phraseology to set the stage for a future comment about real-time reporting being in the rules. She did, however, note that "the cyber risk to capital markets is large and escalating" and implied to the audience that anything they said to the FCA about their IT problems would be passed on: "We share intelligence with the National Cyber Security Centre and the National Crime Agency."

In 2014, firms reported just five 'material' cyber-attacks, or attack campaigns, to the regulators. In 2015 they reported 27 and in 2016 they reported 39. This year so far, they have reported 49. Ransomware is on the rise, accounting for 16% of recently reported attacks.
