TheCityUK and Marsh have jointly published a report urging UK financial and related
professional services sectors to step up their efforts to address
cyber risk. The report (headed "Cyber and the City")
suggests that cybersecurity is still not being given the priority
it deserves, particularly given the substantial disruption, costs
and reputational damage that can flow from a cyber-incident. The
threat of cyber-attacks on British companies is growing, with 2.5
million cyber-crimes reported last year in the UK alone.
Alarmingly, the report reveals that only 30% of firms rated
cyber threats in the top 10 risks to their business, and only 29%
had tried to quantify their cyber exposure.
reported last year, company Boards are well-placed to reduce
the risk of successful cyber-attacks and the ensuing financial and
reputational consequences. The report makes a number of specific
recommendations for individual firms and includes the following

- Identify and quantify the main cyber threats.
- Maintain an action plan to improve defence and response to
- Ensure that data assets are mapped and the actions necessary to secure them are clear.
- Manage supplier, customer, employee and infrastructure cyber
- Implement independent testing against a recognised
- Ensure the risk-appetite statement provides controls on cyber
- Test insurance for its cyber coverage and counter-party
- Ensure preparations have been made to respond to a successful
- Share cyber insights with peers.
- Provide regular Board review material to confirm status on the

Another key recommendation is that the financial services sector
should set up an industry-wide "Cyber Forum" as a
platform for industry participants to informally share important
information and experiences, and help promote a unified response to
cyber threats. The forum would consist of a steering committee of
directors from various financial organisations, and a working group
of information security officers or risk executives.
The report provides UK businesses that are facing increased and
increasing cyber threats with a set of helpful, practical
recommendations to complement (and build upon) their existing
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.