The CityUK has published a report on making the UK financial and professional services sector more resilient to cyber attack. It makes practical recommendations for financial firms, individually and collectively, to improve their cyber resilience in line with existing initiatives. These include guidelines for best practice and a checklist that firm boards can use to challenge management on the treatment of cyber risk. The report recommends firms ensure:

  • the main cyber threats for the firm have been identified and sized;
  • there is an action plan to improve defence and response to these threats;
  • data assets are mapped and actions to secure them are clear;
  • supplier, customer, employee and infrastructure cyber risks are being managed;
  • the plan includes independent testing against a recognised framework;
  • the risk appetite statement provides control of cyber concentration risk;
  • insurance has been tested for its cyber coverage and counterparty risk;
  • preparations have been made to respond to a successful attack;
  • cyber insights are being shared and gained from peers; and
  • regular Board review material is provided to confirm status on the above.

(Source: The CityUK reports on resilience against cyber crime)