Now that October’s Cyber Security Awareness Month is over, I would like to reflect upon the work that UK Finance is doing to promote a more cyber resilient culture across financial services.
My blog posted at the beginning of Cyber Security Awareness Month emphasised the need for greater collaboration across the sector and for organisations to not seek a competitive edge in cyber security. There are advantages for all organisations if the whole sector is more resilient and better prepared for a cyber attack, and not forgetting the obvious benefits to customers and the wider economy.
This thinking has led to the planned operationalisation of the new Financial Sector Cyber Collaboration Centre (FSCCC), as mentioned by both the UK Finance Chairman Bob Wigley and CEO Stephen Jones at our Annual Industry Dinner in October.
The FSCCC’s mission will be to proactively identify, analyse, assess and coordinate activities to mitigate systemic risk and strengthen the resilience of the UK financial sector. It will do this through enhanced collaborative activities and focused operations across financial services organisation industry partners and UK and international authorities.
While the FSCCC will initially converge around a subset of financial services organisations – those deemed to be Critical National Infrastructure (CNI) – it is intended to benefit the whole sector and will therefore become accessible to all organisations, no matter their size or cyber maturity.
Our ambition is that the FSCCC will develop so that financial services organisations are able to trust each other enough to share information on sensitive cyber attacks and known vulnerabilities. In conjunction, we aim to develop cyber playbooks focused on the greatest risks to the sector. Playbooks will then lead to the formation of cyber exercises to ensure the sector and regulators develop a muscle memory and confidence in the event of a real cyber attack.
This is not just an inward-looking financial services-led initiative, UK Finance and its members have been actively engaging with both the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA), as well as the National Cyber Security Centre (NCSC), National Crime Agency (NCA) and Home Office. Only by engaging with our regulators, law enforcement and government partners can the FSCCC reach its full potential.
Neither are we complacent about the scale of the challenge ahead. The task of operationalising this initiative is considerable, but luckily our member organisations understand its need and continue to support us throughout this process. While we are ambitious in our long-term outlook for the FSCCC, the need to start small with the CNI, and building progressively over time will provide us with the best possible chance of long-term success and sustainability.
UK Finance is proud that its members are pulling together to help us create the FSCCC, we will strive to make it a world-class initiative that the country can in turn be rightly proud of. Once operational the FSCCC will make the UK and its financial institutions safer and more resilient to cyber attacks, while providing greater protection to customers. The benefits are clear, it is now our job to ensure we meet those expectations.
Cyber Resilience & Operational Risk Conference – 30 January 2018
This full-day, cross-sector conference will discuss the strategic importance of industry collaboration and a holistic, board down, business approach when tackling the twin challenges of operational risk and cyber resilience. Offering strategic insights and tactical solutions for the biggest threats facing banking institutions and payment service providers, the conference will bring together industry leaders and experts to debate the key challenges and opportunities for success. Book now and take advantage of our Smart Rate discount.