The global spread of the WannaCry ransomware last month should be a wake-up call for businesses to review their cyber security infrastructure, as no sector or type of firm is immune from attacks.  This is particularly relevant considering the implementation of the General Data Protection Regulation next May, which requires firms to understand how they hold and process their data, with significant fines for any breaches.  Failure to notify a major breach when required to do so will result in a fine of up to the higher of €20 million or 4% of total global annual turnover.

It is important for firms to first get the basics right, such as malware protection and patch management.  This applies to firms of all sizes, and a risk management approach should be taken in order to understand the operational and strategic risks specific to their business.  As attacks are designed to exploit human behaviour, all individuals are targets.  Therefore, mitigating cyber risks needs to be done at all levels in a firm, with sufficient staff education.  All of these risks also apply to any third party providers, for which firms are responsible.  We will be providing guidance to firms in the coming weeks.

The FCA set out in its business plan an intention to focus on cyber risk over the next year.  It is not unreasonable to expect that this may include how firms mitigate these risks as part of the authorisations process, particularly the ‘innovative’ firms in the regulatory sandbox, although its due diligence of some of the business models that have emerged recently doesn’t demonstrate proper controls.

Aileen Lees
Senior Policy Adviser

June 2017
