Financial Companies in Britain Urged to Prepare for Severe Scenarios
LONDON (Reuters) – Financial companies in Britain must prepare to ensure they can deliver business services in "severe but plausible" scenarios, such as a global tech outage, to minimize any impact on consumers and markets, the markets regulator said on Thursday.
In a statement outlining lessons learned after U.S. cybersecurity firm CrowdStrike (NASDAQ:CRWD)'s botched software update caused global chaos in July, the Financial Conduct Authority (FCA) stated that unregulated third-party problems were the leading cause of operational incidents reported between 2022 and 2023.
CrowdStrike's popular core technology, the Falcon platform, detects and responds to malicious threats. However, an outage on July 19 led to worldwide flight cancellations and affected industries including banks, healthcare, media companies, and hotel chains.
The FCA, which checked in with firms over the incident to understand its impact, noted that consumer harm had been minimal. However, it mentioned that companies had until March 2025 to ensure they could withstand such events.
The FCA called on companies to consider several steps, including:
– Ensuring that testing scenarios are adequate
– Improving third-party risk controls
– Ensuring contracts clearly outline responsibilities for service monitoring, incident notification, and updates during and after incidents.
"We encourage all firms, regardless of how they were affected by the CrowdStrike incident, to consider these lessons, to improve their ability to respond to and recover from future disruptions," the FCA said.
Comments (0)