The UK’s Financial Conduct Authority (FCA) in late 2017 and early 2018 carried out a cyber multi-firm review with a sample of 20 firms in the asset management and wholesale banking sectors. The firms selected varied in terms of their size, scale, operating models and geography.
CyberSolace reviewed the conclusions of the FCA study and found that they tally very well with our own experience. In fact, we believe that the findings apply equally to almost all other industry sectors; the professional-services, utilities, government and media sectors are cases in point. Two themes in the findings that we emphatically concur with are:
- the inadequacy of the assumption that layering of technical controls is the solution;
- the sole reliance on IT to drive the success of the cybersecurity mission.
Unfortunately, the assumption that layered technical controls are the solution and the sole reliance on IT are both stubbornly persistent fallacies in our industry.
I invite any concerned and responsible senior stakeholder in any company looking to tackle the question of cybersecurity to read the summary of the findings of the FCA and take heed. It will serve as a valuable list of key lessons to observe before launching any cybersecurity programme.