FCA Update On COVID–19 and Information Security

On May 6, 2020, the Financial Conduct Authority (FCA) updated its COVID-19 information with its expectations around information security. Read the latest guidance here.

The FCA notes that cyber criminals are exploiting coronavirus related themes during the pandemic to carry out scams. Cyber incidents can cause operational disruptions causing harm to consumers and the integrity of UK markets, as well as threaten firms’ viability and cause instability in the financial system.

Firms have had to adapt to the exceptional circumstances caused by the pandemic. The large number of employees working from home has resulted in online systems becoming increasingly mission critical and consequently exploited by cyber criminals.

The FCA expects firms to prioritize information security and ensure that controls are in place to manage cyber risks and respond to incidents promptly. Firms should:

• Enhance monitoring to protect end points, information and critical processes (including network connections and video conferencing software)
• Be vigilant to the potential increase in security breaches or cyber attacks
• Ensure that they have appropriate governance and oversight arrangements
• Review the impact of COVID-19 on their information systems security defences
• Ensure that the general notification requirements are followed, and significant operational/cyber incidents are reported.