The Financial Services Authority (FSA) is to lead a government benchmarking scheme to produce guidance on cyber security for the financial services sector.
Asked about steps to produce guidance on cyber security for the financial services sector at a parliamentary questions session last week, Greg Clark, financial secretary to the Treasury and MP for Tunbridge Wells, said that the Treasury is working closely with the Bank of England and the FSA (as well as with other Government departments and agencies) to ensure that cyber risks are better understood and to promote cyber security in the finance sector.
He said: “This includes a benchmarking programme, led by the FSA, to identify cyber and technology practices of 30 major financial institutions which, once concluded, will result in the publication of an updated Business Continuity Management Practice Guide and discussion paper so that all firms in the sector can learn from the exercise.”
Ed Rowley, product manager at Trustwave, said that the news ‘should be welcomed with open arms’.
“With this backing, the findings of the report should be extremely interesting. It will prove to be essential reading, not only for companies in the financial services sector, but for any organisation conducting business online – even if they only have a website solely for marketing purposes,” he said.
“This is a great example of an independent political approach that does not rely on restrictive legislation, preferring instead to offer advice based on research and experience gleaned from some of the companies that are consistently targeted by cyber criminals.”
In an email to SC Magazine, Paul Midian, consultancy director at Information Risk Management, said: “What is great about this initiative is that a cyber risk assessment is being linked to business continuity. In the past there hasn't been a strong link between security (prevention) and continuity (correction) as there perhaps should have been.
“A benchmarking exercise is always useful, but it begs the question what are they benchmarking against? Furthermore, given that it is only being carried out within one sector, one must ask ‘will the results not all be broadly similar, as the banks tend to know what they are doing?’ What would be beneficial for UK PLC as a whole is for the FSA to share the methodology for carrying out the benchmarking, so that other organisations can compare themselves with the financial sector.”