Customers put at risk due to bosses’ lack of security awareness
Many customers could have their personal data left at risk of data breaches because senior executives in the companies they do business with do not understand the cyber security dangers they face.
This is according to the Financial Conduct Authority (FCA), which has been undertaking a review of the issue within asset management and financial firms. It found that although all the firms it focused on recognise the importance of strong cyber security, there is wide variation in their understanding of how weak security measures can impact their business activities, which could lead to harm for themselves and their customers.
It noted that awareness is particularly poor at board and management committee levels, as well as within firms where there are no specific cyber security strategies in place.
Even where plans do exist, some firms do not consider non-technical consequences of a cyber security incident, such as the impact an attack would have on their reputation, their clients and the wider market.
To tackle these issues, the FCA said senior executives must do more to better understand the risks associated with their business activities. This will be especially important in organisations that have centralised management structures.
They should also make efforts to change their organisational cultures to ensure that cyber security is seen as an enterprise-wide issue and not merely a matter for the IT department.
The FCA said: "Having an independent owner for cyber, or an ownership model that is not solely made up of IT staff, can enable challenge and deliver incident management and recovery plans which reflect the impact of cyber more widely than just that on systems and technology."
It also noted that some companies in the financial services sector have turned to third-party firms to offer independent advice on how to approach cyber security.
While the regulator stated this may be an effective way of helping the board upskill its security capabilities without the need to hire a dedicated board member, companies should make sure they do not become over-reliant on these third-party services.
The FCA said this could affect firms' development of their own in-house cyber capabilities and reduce boards' longer-term ability to objectively assess their security environment.