View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Financial Service Firms Need to Report Their Emergency Backup Plans

National Cyber Security Centre to be consulted as experts

By CBR Staff Writer

The Bank of England and the Financial Conduct Authority have informed financial service firms that they have till the 5 of October to report on how they plan to respond to risks such as cybersecurity attacks.

In a report produced jointly by the Financial Conduct Authority (FCA) and the Bank of England (BoE), they highlight that: “A resilient financial system is one that can absorb shocks rather than contribute to them,” and that “Dealing with cyber risk is one important element of operational resilience.”

“The financial sector needs an approach to operational risk management that includes preventative measures and the capabilities – in terms of people, processes and organisational culture – to adapt and recover when things go wrong.”

The report highlights the impact the fast pace of change technology is having and cites the “hostile cyber environment” as a key concern: “Additional challenges occur where firms operate internationally or outsource a significant level of activities to third parties.”

The (BoE) Financial Policy Committee (FPC) conducts stress tests on finical institutes using previous macroeconomic data to calibrate a systems resilience to shock. However the report points out that no data history exists for cyber events.

“So the FPC will rely on the independent judgement of experts, such as the National Cyber Security Centre, to assist calibration of the stress scenarios, drawing on up-to-date intelligence,” the report notes.

Legacy Concerns

Dan Sloshberg, Director Product Marketing at Mimecast informed us that: “WannaCry was a wakeup call and highlighted the disruptive power and scale cyber-attacks can have on our critical national infrastructure.”

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

“Organisations can also learn from the new NIS Directive. This legislation clearly signals the move away from pure protection-based cybersecurity thinking. Robust business continuity strategies have never been more important to ensure organisations can continue to operate during an attack and get back up on their feet quickly afterwards.”

Mark Cresswell, CEO of LzLabs told Computer Businees Review in an emailed statement that: “Yesterday’s discussion paper from the Bank of England and the FCA exemplifies how technology embodies both the problem and the solution when it comes to the operational resilience of Britain’s banks.”

“Section 4.20 echoes the calls of many that the financial sector relies too heavily on a limited number of technology providers. This is most prevalent when it comes to the legacy mainframe computers which still occupy the heart of many institutions’ IT systems.”

“In today’s worsening climate of operational problems for the sector, the reliance on ageing proprietary technology is perhaps the biggest threat to operational resilience. The limited pool of skilled individuals able to keep these systems running has dried up, with no one to take their place.”

“True technological innovation in the sector creates opportunities for increased efficiency and the enablement of better risk management. This can only truly be achieved when financial institutions are able to fully embrace modern, open technologies, and remove the shackles of legacy IT systems,” he added.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.