FCA starts asking firms questions on cyber security

Following on from similar requests from the Prudential Regulation Authority and Bank of England, the FCA has sent a questionnaire to registered financial intermediaries and brokers asking about firms’ measures to protect against, and recover from, cyber-attacks.

The questionnaire comprises 49 questions and must be:
  • signed off at board level;
  • completed within eight weeks of receipt;
  • completed by competent parties with appropriate IT/cyber risk knowledge and experience.
Focusing on the management of cyber risk rather than its elimination, the questionnaire asks respondents about the governance of their cyber resilience strategy, how they identify cyber threats, the protective measures they have in place, and their response and recovery procedures. It also asks firms about their testing, their staff's awareness of cyber risk, and the processes in place to keep abreast of evolving threats.

The FCA makes clear that firms should not need professional help to complete the questionnaire. We agree that firms with in-house cyber security risk knowledge should be able to do this independently. However, if you do not have this expertise in-house, and would like to discuss the questionnaire with one of our cyber security experts to help you better understand the basis of the questions, please contact us.
