PRA messaging around firms’ operational resilience to cyber threat

Download IconDownload Print IconPrint

PRA messaging around firms’ operational resilience to cyber threat

Blog WilmerHale W.I.R.E. UK

In May the PRA’s Lyndon Nelson gave a speech about the development of the Regulator’s response to cyber risk. In his speech he:

  • made clear that the PRA’s approach is focused on the testing of firms’ resilience to cyber risk and the use simulation exercises to rehearse responses to cyberattacks
  • Noted the high detection rate of inadequate cyber hygiene across the PRA’s testing
  • Indicated that the PRA plans to extend its cyber stress testing and simulation exercises beyond the largest firms
  • Noted how the composition of attacks has shifted towards the exploitation of third-party/outsourced relationships, which has highlighted the likely future additional exposure where a firm uses a “patchwork” of its own services and outsourced providers.

Commentary

For firms getting to grips with the PRA and FCA’s policy statements on operational resilience, published in March 2021, these comments may not come as a great surprise. However, as acknowledged by Nelson one of, if not the, most significant challenges posed by operational and cyber resilience is likely to be around outsourced services and technology. He noted the connection between the size and market dominance of an outsourced service provider and its systemic vulnerability.

Related Solutions

A global team handling highly complex and sensitive matters in all aspects of litigation.
Multinational companies, corporate executives, high-ranking public officials and in-house counsel rely on our preeminent practice and depth of experience when facing complex and challenging criminal and regulatory investigations.
Uncompromising defense of corporations and individuals in high-profile and complex litigation and investigations.

More from this series

Explore the Full Series

Notice

Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.

I Accept Cancel