In a recent speech, Megan Butler, Director of Supervision – Investment, Wholesale and Specialists at the FCA, spoke about the ongoing threat to firms posed by cyber attacks.
It is the responsibility of firms to report material breaches. The FCA is realistic that some cyber-attacks will succeed, and does not operate a zero-failure regime. That being said, the regulator expects firms to tell it about cyber breaches as soon as they are aware something is wrong. The FCA suspects that there is currently a material under reporting of successful cyber attacks and stressed that it expects all businesses to deal with it in an open, transparent manner in reporting such attacks. Ms Butler referred to the infographic published in June which was aimed at smaller organisations but whose messages are relevant to all firms.