The FCA has published some thoughts on good and poor practice arising from discussions with the Cyber Coordination Group during 2024. Key topics were:
- the reconnection framework and third party management: firms are increasingly relying on third-party suppliers to deliver Important Business Services and to ensure that Impact Tolerances aren’t breached, but it can be hard to manage different resiliency practices and requirements across jurisdictions;
- threat and vulnerability management and threat-led penetration testing: it has found that threat-led penetration testing is a very effective tool for identifying previously known cyber vulnerabilities; and
- AI and other emerging technologies, including quantum computing: the FCA cautions that implementing AI into cyber domains without fully understanding the potential impacts can create exposure to new or unidentified risks. AI can be very useful in automating quality assurance processes and as part of cyber defence.
