Context
The FCA has published a summary of discussions held throughout 2025 with industry members of its Cyber Coordination Group (CCG) programme. The CCG programme brings together up to 140 firms. Members have contributed their insights into these topics, and the FCA has included those that reflect what has worked well for CCG members and the challenges they’ve found within their firms.
These insights are not introducing any additional regulatory expectations; rather, the FCA is making these insights available so that firms can consider them in the context of the FCA’s existing expectations, learn from others, and strengthen their cyber resilience capabilities.
Key points to note and next actions
The CCG members shared cyber resilience insights on 3 topics, all of which have commentary included in the web page:
- Incident response practices and recovery at scale.
- Implications for cyber security of AI, quantum computing, and other emerging technology.
- Insider risk management.
An ‘insights summary’ includes brief commentary on:
- Preparing senior managers for incident response
- Developing testing approaches to strengthen preparedness
- Being clear with third parties on roles and expectations
- Building emerging technologies into your risk framework
- Managing insider risk