20 May 2016

Launch of “Cyber and the City: Making the UK financial and professional services sector more resilient to cyber attacks”

This article was written by Ian Hargreaves (partner) and Robert Bolgar-Smith (associate).

"In the 2007 credit crisis – a once in-a-generation event – not one UK bank failed thanks to the simple, fast-acting remedies of cash and capital injection. In contrast, a large-scale cyber attack that renders bank systems or data unusable has no such quick fix for a finance minister or central banker to deploy" - Mark Weil, Chair of TheCityUK Cyber Taskforce.

Cybersecurity continues to create headlines and its importance has never before been appreciated as much as it is now in the board meetings of companies of all sizes, sectors and jurisdictions. There remain, however, a number of companies who still see cybersecurity as an IT issue – this is incorrect and should be a cause of concern for their stakeholders, including shareholders, employees and customers.

TheCityUK, an industry body focussed on the UK financial and related services industry, and Marsh, a leading insurance brokering and risk management firm, recently launched their “Cyber and the City” report which seeks to appraise the current risks facing the financial services industry and to put forward recommendations (available here). While cybersecurity is a concern for companies of all sizes, the financial sector attracts additional attention due to (a) the prevalence of money and sensitive data, (b) public profile and (c) to the economy, which are the focus of criminals, “hacktivists” and terrorists/hostile states respectively.

"50% of CEOs believe that they have insurance cover for cyber attack … policy analysis suggests that only 10% do" - Cyber and the City Report

The “Cyber and the City" report provides a number of recommendations for both individual firms and for the financial sector as a whole which we would advise reviewing. In particular, the report emphasises the need for companies to share details of cyber incidents and best practices across the industry. At present, due in part to PR concerns, companies tend to refuse to talk openly about their concerns, current practices and any cyber incidents they have suffered. This is of significant assistance to cyber criminals of all stripes since it allows them to continue exploiting weaknesses which could otherwise have been patched.

The report also focuses on the need for individual companies to consider the cyber risk from a broad range of perspectives including their HR, business and management teams. First, they need to be aware of what data they hold, who has access to it and what the risks are – this includes data which could be stolen but also data which is critical to the company's business and could be corrupted or encrypted (i.e. by ransomware). Secondly, they need to implement policies to improve their defences, including training their employees on how to recognise threats. Finally, companies need to prepare and practice incident recovery plans – how would you respond if all your customer data was leaked? Would you pay a ransom if all your company’s files were irrecoverably encrypted?

Cyber threats, and the companies that face them, are ever changing. Companies’ cyber policies and incident response plans need to be dynamic and regularly updated. Software needs to be patched. New employees and contractors need to be trained. We can work with companies and their service providers to assess potential risks and prepare, implement and practice incident recovery plans to mitigate the risks of a cybersecurity breach.

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    We highlight the key litigation news of Q3 2019.

    02 October 2019

    Our experts give their top 10 predictions about international arbitration in 2028

    19 November 2018

    Parties doing business with foreign States should think carefully about the doctrine of state immunity.

    15 September 2016

    Partners James Walsh and Ian Hargreaves discuss the world’s first inter-governmental initiative on cybersecurity.

    02 August 2016

    You may also be interested in...

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.