FIN.

BoE publishes 2025 CBEST thematic

The BoE has released its 2025 CBEST Thematic publication, which sets out insights from assessments of firms and FMIs. Of course, the main observation is that strong cyber hygiene is not a one-time exercise and that organisations need continually to consider underlying causes of cyber risk as well as how they manage it. The main messages are:

  • to harden operating systems to reduce the likelihood of severe cyberattacks, including by patching vulnerabilities and securely configuring key applications;
  • working to reduce the impact of unauthorised access, through better credentials management, enforcing strong passwords, MFA, preventing and detecting insecure credential storage and appropriate segmentation of networks;
  • ensuring early detection and effective monitoring, alerting and response processes are in place; and
  • to implement risk-based remediation plans.

The report highlights other findings from the exercises the regulator  carried out and gives further pointers and recommendations on threat intelligence including the most advanced persistent threats, behaviour analysis and staff culture and training.

Emma Radmore