A new report published today by TheCityUK and Marsh, a leading global insurance broker and risk adviser, argues that firms across the financial and related professional services industry need to take urgent action on cyber risk.
There were a reported 2.5 million cyber crimes in the UK last year, the majority of which were various forms of fraud with the loss typically borne by the financial sector. City firms have the data, money and profile to attract the full range of attackers including those seeking to undermine the financial system. Reputation and reliability are shared assets and argue for firms working collectively to reinforce the financial system’s resilience. That will protect services that are critical to the UK economy as well as ensuring that the UK remains a secure global financial centre.
The report – ‘Cyber and the City’ – recognises the significant effort invested by UK authorities to encourage action on cyber risk. It finds that while larger institutions are engaged on cyber security, there is an opportunity for the industry and individual firms to enhance cyber security and resiliency after cyber breaches. Survey evidence from Marsh supports the fact that too few firms are tackling cyber in a cohesive way: only 30% of large firms have it as a top ten risk, only 39% have quantified the risk and just 30% have a response plan to a breach occurring.
‘Cyber and the City’ recommends that Boards should hold management responsible for cyber risksinstead of their IT departments and provides ten simple questions that management should consider.According to the report, since 95% of all cyber incidents involve human error, people and processes matter as much as technology when it comes to managing cyber threats.
‘Cyber and the City’ further recommends the creation of a City-wide cyber forum to promote collaboration across all firms within the financial and related professional services industry. The forum would seek broader and committed support for cyber management and the many existing initiatives that are running. Its agenda would include encouraging information and best-practice sharing, working on cyber risk aggregation and system recovery and helping to develop a strong UK cyber security sector.
Chris Cummings, Chief Executive, TheCityUK, said,
Cyber-crime isn’t a problem of the future, it’s a very real threat today. There is no silver-bullet to manage it, but there are practical steps the industry, and the customers we serve, can take to ensure we’re well protected against attack. Cyber hygiene should be as commonplace as locking the windows and doors when you leave the house. It is essential for the industry and the continued attractiveness of the UK as a safe place to do business that we tackle this issue head on and make the UK a centre of excellence for cyber security.