Speaking at the FCA’s annual public meeting yesterday (July 17), Megan Butler said the number of incidents reported to the regulator had increased to 916 for the year 2018-19 from 229 the year before.
She added that the regulator expected this trend to continue, but said it had more to do with a rise in the number of incidents being reported than with the number of breaks themselves.
However, Ms Butler told the conference the reported incidents showed a change in the nature of breaks and the type of failures firms should be prepared for.
For instance, a substantial number of new reports were about technology failures, rather than cyber attacks, as well as management and responsibility issues.
She said: "An increasing proportion of operational resilience failings are based around technology and within that, we are seeing hardware and software failures becoming increasingly important.
"This is not surprising given what we see in terms of the technology changes in the industry and the use of software within these firms."
Ms Butler told the meeting that other key issues revolved around change management problems — adapting to the speed and complexity of changing technology risk — as well as third parties contracted to perform certain duties.
She said: "This is consistent with what we see of firms' own views of where they see risk in this area.
"Firms call out problems relating to key assets in cyber security being complicated as well as managing change."
Key assets in cyber security typically include hardware such as servers, software such as support systems, and confidential information and personal data.
She added that firms often told the FCA they struggled to know the risks associated with third-party suppliers, what was safe to use in terms of cloud-based technology, and who to monitor.
Ms Butler also told the meeting the industry should expect greater international coordination on operational resilience, saying it was an area where "the more regulation coordination the better" due to the number of firms that operated cross-border.
She said the FCA and other regulators were "very focused on operating in this area in a joined up way".
Operational resilience for financial services firms was a key part of the FCA’s 2019-20 business plan, which highlighted outsourcing, third parties and change management as vital issues affecting the industry.