The FCA has published a speech on its supervisory approach to cyber security in financial services firms. In terms of its supervisory approach, the FCA's expectations of firms are that they: (i) have a security culture, driven from the top down, as cyber is not only an IT issue, but involves people, processes and technology; (ii) practice good governance around cyber security; (iii) identify their key assets and ensure appropriate protections around them; (iv) put in place recovery and response systems and controls to enable them to carry on in the event of an unforeseen interruption; and (v) make timely communication to consumers and markets and notify material breaches to the FCA under PRIN 11.