UK: Cyber-security – what level of security will be sufficient to meet a firm’s regulatory obligations?

Firms’ confidential information and their customers’ personal data are increasingly recognised as valuable commodities, attracting the attention of sophisticated organised criminals.  As custodians of what is often their customers’ most sensitive personal data, not to mention, in many cases, their assets, banks and other financial services firms are an obvious target.  A report last year suggested that the average cost of cyber-crime to a financial services company in 2013 was $24 million: a 44% increase over 2012, almost double the average cost in 2010, and the highest average loss of any industry sector.

Earlier this year, malware attributed to an international group of cyber-criminals was discovered on the networks of more than one hundred financial services firms across thirty countries.  Information obtained through this malware is estimated to have been used to fraudulently transfer up to £650 million from financial services firms, with UK banks suffering losses in the tens of millions.

In this article, initially published by Thomson Reuters Accelus on 27 April 2015, Karen Anderson, Ian Thomas and Andrew Moir touch on a range of regulatory perspectives on cyber-security, review the approach of the UK regulators so far, and consider how the appropriateness of cyber-security measures might be assessed.


