
New cyber incident reporting rules unveiled by UK's FCA

The UK Financial Conduct Authority has introduced updated rules designed to give financial services firms greater clarity on which cyber incidents to report and when, aiming to strengthen sector-wide cyber and business resilience, reports Infosecurity Magazine.

The changes respond to industry feedback that organizations are often uncertain about reporting requirements and what information to provide. FCA Director Mark Francis stated that "resilience is being tested like never before" amid growing cybersecurity threats and increasing third-party dependencies, emphasizing the updates "give firms clearer rules and practical guidance to better manage disruption." 

The new regime creates a streamlined reporting portal with the Prudential Regulation Authority and Bank of England, removes duplicated reporting for payment service providers and credit rating agencies, and simplifies requirements to a short form for most firms. 

Clearer guidance addresses thresholds, definitions, and responsibilities. The focus on third-party risk is critical: 40% of incidents reported to the FCA in 2025 involved third parties, with recent AWS and Cloudflare outages affecting the industry cited as examples. This aligns with DORA and the UK's pending Cyber Security and Resilience Bill. Firms have 12 months to prepare, with the regime effective Mar. 18, 2027.

Kelley Damore
Kelley Damore Chief Content Officer CyberRisk Alliance

Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
