As a sector, financial services is seen as a number one target for cyber hackers. From the value of the data that financial services hold to the multitude of third party providers servicing the sector, it is clear that financial firms are aware of the cyber threat and the effects it may have on their organisation and the wider sector.
What is less well understood, however, is the importance of operational resilience in the sector. An organisation's ability to prevent, respond to and recover from an operational disruption, whether cyber-related or not, can have a systemic impact on the whole financial services sector. The interconnectedness of the sector means that firms across the board have a shared interest in the different threats facing them, including cyber, which is a reason as to why the sector has begun embarking on a journey to build the sector's operational resilience.
In July 2018 the Bank of England published its paper on ‘building the UK financial sector’s operational resilience’, stressing that the sector needed an approach to operational risk management that included preventative measures to adapt and recover to an attack. Regulators in the UK have also emphasised the importance of treating cyber security as an integral part of operational resilience, with both the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) clear in stating that cyber security and operational resilience were a priority for them.
This session will therefore look at the topic of operational resilience within the financial services sector and assess how the sector, collectively, approaches different risks including cyber risk management.
Matthew Field, Senior Public Policy Manager, Digital, HSBC
Ali Kazmi, Partner, EY