By Oz Alashe, CEO, CybSafe

“The Financial Conduct Authority (FCA) launched its 2018/19 business plan, outlining priorities for the next 12 months. Data security and the operational resilience of financial services firms plays a prominent role in the regulator’s priorities, with an acknowledgement that cyber-attacks in the financial sector are becoming more frequent and widespread.

Over the next year, the FCA will “strengthen supervisory assessments of the highest impact firms to better understand their current and planned use of technology, resilience to cyber -attacks and staff expertise. We will also review how governance, strategy, systems architecture, risk management and culture contribute to firms’ data security.”

With this commitment, the FCA is placing the people component of cyber security at the heart of its 2018/19 strategy for the financial services sector. Measurement of staff cyber expertise and the impact of culture on a company’s cyber security risk is a progressive and welcome approach from a regulator. The finance sector has played a leading role in tackling information security threats, through ground-breaking technology and processes. However, this FCA commitment to protecting consumers and market integrity represents the first pledge by the sector to address the third pillar of any effective cyber security strategy – people. Financial firms should view their people as their first line of defence against cyber criminals. By building a positive cyber security culture, companies across the finance sector – from SMEs to multinational institutions – can be better placed to address any potential cyber security threats.

Industry regulators are oft-maligned for being slow to adapt in a fast changing technology landscape. Today the FCA should be commended for leading the charge in tackling the people aspect of cyber security.”