Context
The FCA has published insights from its Cyber Coordination Group (CCG), summarising discussions held throughout 2024 with industry members of the CCG programme. The FCA has run the CCG programme since 2017. It currently has 139 member firms within five groups that are each aligned to a sector, with one sector being insurance.
Key points to note and next actions
The insights focused on three key topics:
- The reconnection framework and third-party management.
- Threat and vulnerability management and threat-led penetration testing.
- AI and other emerging technologies, including quantum computing.
The following are likely to be of particular interest to firms:
- Threat-led penetration testing is an extremely effective tool for identifying previously unknown cyber vulnerabilities.
- The threat from combined non-critical vulnerabilities can potentially cause as much harm as, or more harm than, a single critical vulnerability.
- Legacy technologies, especially end-of-life systems, should have effective security risk management, as with any other system.
- Cross-industry information sharing forums, such as the Cross Market Operational Resilience Group (CMORG) or the Financial Services Information Sharing and Analysis Centre (FS-ISAC), can be highly effective in enabling collective communication with third-party suppliers during significant outages.
- Implementing AI into cyber domains without taking steps to fully understand all potential impacts can lead to increased exposure to new or unidentified risks.