As cybersecurity remains a priority for regulators around the globe, fund managers must take into account regulatory expectations and guidance when positioning themselves against and responding to potential cyber attacks. See our two-part series on how hedge fund managers can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape
” (Dec. 3, 2015); and “A Plan for Building a Cyber-Compliance Program
” (Dec. 10, 2015). In a recent speech, Robin Jones, Head of Technology, Resilience & Cyber at the U.K. Financial Conduct Authority (FCA) outlined ways for fund managers and other firms to build effective cyber capability and accountability, protect critical information, detect cyber attacks and respond quickly and effectively to any attempted breaches. This article highlights the main provisions in his speech, including three key lessons fund managers can learn from the high-profile cyber attacks that have taken place within the past year. For more on the FCA’s views on cybersecurity, see “FCA Director Lays Out Expectations for Cybersecurity of Financial Services Firms: Identification of Cyber Risks, Detection, Firm Preparedness and Information Sharing
” (Sep. 29, 2016); and our two-part series “Navigating FCA and SEC Cybersecurity Expectations”: Part One
(Jan. 7, 2016); and Part Two
(Jan. 14, 2016).