TheCityUK has published a report on making the UK financial and professional services sector more resilient to cyber attack. The report states that cyber crime is a real and present danger and financial institutions are on the front line, citing figures claiming that the number of reported cyber incidents worldwide is expected to grow from 14 billion in 2014 to 24 billion by 2019.
The report makes a number of recommendations to the industry, following a recent Government initiative to create a National Cyber Security Centre, in order to get the UK financial and professional services industry to act collectively, creating a safer system.
The report makes recommendations which apply both as a whole to the industry as well as to individual firms, and include:
- A company boardroom check-list for Boards to follow in order for them to challenge management on the treatment of cyber risk.
- The creation of an industry wide cyber-forum compromising a steering group of Board level cyber risk owners and a working group from the Risk or the Chief Information Security Officer community.
- Firm initiatives such as making cyber risk a standing item on the Board or risk committee agenda and ensuring that it is part of strategy, investment cases, acquisitions and appraisals.
- Industry recommendations such as collective information and best practice sharing on cyber risk reduction, increased support for the UK cyber security sector in the form of apprenticeships and mentoring opportunities, and making the case for cyber spend to be off-set against industry-specific costs taxes or levies as a way to catalyse private sector investment in raising system security.