BEWARE OF CYBER THREAT TO CONSUMER DUTY
Do you know poor cyber security can be seen as a breach of the Consumer Duty regulations?
The legislation requires firms to prevent foreseeable harm and a cyber incident could lead to the theft of personal data, a fraudulent transaction or even ransomware halting the delivery of services.
B-Compliant director, Vicky Pearce, said: “Hackers and data breaches are some of the biggest risks to the financial sector, yet they often go unacknowledged. We are urging firms to think about cyber security as part of their operational resilience. This includes recognising their responsibilities to consumers, recording the risks to data and closing any gaps that could lead to harm.”
Not only will a material cyber incident breach the FCA’s SYSC rules, under Consumer Duty, if a firm is unable to continue providing a reasonable level of support in the event of an issue with their services, including a cyber-attack, this is also likely to result in poor consumer support outcomes and lead to a firm breaching the cross-cutting rule to avoid foreseeable harm.
We are recommending firms create and test an incident response plan and think about how they will support and communicate with consumers in the event of a cyber attack. You should also review and enhance data privacy and governance, strengthen IT infrastructure and ensure any third parties, with whom you share client information, have good IT security.
Vicky added: “We want firms to realise hackers aren’t just targeting big names. Everyone within the sector is fair game and SMEs in particular can be seen as low hanging fruit, as they are thought to have less infrastructure and controls in place.
“Firms need to ask themselves what they would do in the event of a cyber attack. Start with a risk assessment to identify any potential weaknesses and how they may impact the delivery of good outcomes, then take appropriate action to improve resilience.”
We have a raft of support available for firms wishing to review their cyber security measures. For more information, telephone (0161) 521 8641 or email: firstname.lastname@example.org