Operational Resilience: 12-Point Security Checklist For Financial Planners 

In an increasingly complex and interconnected business landscape, operational resilience has become a main focus for the financial sector.  

The Financial Conduct Authority (FCA) has recognised this importance and has outlined a set of principles to guide firms in building operational resilience frameworks, particularly when it comes to cyber security.  

In this blog, we will delve into how cyber security can help financial planners to ensure operational resilience, giving you the knowledge you need to take action and protect your organisation. We will also discuss the benefits of outsourcing your cyber and IT security to experts and address the significance of managing supply chains effectively.  

Plus, at the end we tell you how you can get access to our FCA-based operational resilience 12-point checklist, specifically designed with financial planners in mind. 

What is operational resilience?  

Before we dive in, let’s discuss what operational resilience actually means.  

Operational resilience is the ability of businesses or organisations to carry on delivering critical services in the face of threats. In a world where everything is becoming more and more digitalised, cyber security is a big player in enabling organisations to do this.

What is Principle 11? 

Under the FCA’s regulatory framework, Principle 11 highlights the importance of FCA-approved organisations working with the FCA to disclose incidents in a timely manner.

Incidents can include a significant loss of data, the unavailability or loss of control of your IT systems, unauthorised access to your information system or an incident that impacts a substantial number of customers. 

How can I boost my cyber security to ensure operational resilience within my own organisation? 

Great question – we have a triple-pronged answer for you.

Build strong processes 

Effective cyber security relies on well-defined processes that encompass prevention, detection, response, and recovery from potential cyber threats. Establishing robust procedures, such as regular vulnerability assessments, incident response plans, and data back-up strategies, helps to identify and mitigate risks promptly.  

Regular audits and reviews of security policies and procedures are also essential to keep pace with evolving threats and ensure the continued effectiveness of the cybersecurity measures in place. 

Whilst processes can be hard to get into place, there are guidelines and even certifications that can help you. The National Cyber Security Centre (NCSC) refers to Cyber Essentials and Cyber Essentials Plus as a certification that looks at five key controls for cyber resilience. These key controls are:

  • Firewalls 
  • Secure configuration 
  • User access control 
  • Malware protection 
  • Patch management 

When implemented correctly, the NCSC says that these controls can prevent up to 80% of cyber-attacks.  

Another widely used certificate is ISO 27001. ISO 27001 certification takes into account all information, even information that isn’t held on digital systems, such as paper records, whereas Cyber Essentials only protects data that is contained on networks, computers, and some IT infrastructure. With this in mind, they’re perfect for complementing each other and offering additional cyber security.

Ensure people are your first line of defence  

People are the heart of any organisation, and their role in operational resilience should not be underestimated. Cyber security awareness training is vital to educate employees about the importance of security practices, such as strong passwords, recognising phishing attempts, and handling sensitive information responsibly.  

By fostering a security-conscious culture, organisations can empower their employees to be the first line of defence against cyber threats. Encouraging employees to report any suspicious activities or incidents promptly helps in early detection and containment of potential threats, strengthening operational resilience. 

Don’t forget about regular cyber security training too. This landscape is constantly evolving, with criminals taking advantage of new technology and searching for weak links, so training should never be a one-off exercise.

Use technology  

Unsurprisingly, technology plays a central role in cyber security and operational resilience. It’s vital that your organisation implements strict security measures, such as firewalls, intrusion detection systems, and encryption protocols, to protect critical systems and data from unauthorised access.  

Regular software updates and patches ensure that vulnerabilities are addressed quickly, reducing the risk that they are exploited. Deploying advanced threat detection solutions, such as intrusion prevention systems and behaviour-based analytics, enhances an organisation’s ability to identify and respond to emerging threats. Additionally, investing in user authentication solutions, such as multi-factor authentication, adds an extra layer of protection against unauthorised access attempts.

Supply chains 

When it comes to cyber security, it can be easy to overlook supply chains. In fact, only 14% of businesses monitor risks from suppliers.

To ensure operational resilience, organisations must evaluate the cybersecurity posture of their suppliers and partners. Conducting due diligence assessments and establishing cybersecurity requirements as part of procurement processes are essential.  

Collaboration with suppliers to enhance their security practices and establish incident response protocols can also help to prevent and mitigate potential cyber incidents. By strengthening the cyber security defence of the entire supply chain, organisations can reduce the risk of disruptions caused by cyber threats.  

Outsourcing to experts 

We get it – cyber security can be very overwhelming. As a financial planner you’ll already have a lot on your plate, which is why we recommend letting the experts step in. Collaborating with cyber security service providers can offer a range of benefits, including access to advanced technologies, specialised skills, and round-the-clock monitoring and support.  

Outsourcing enables organisations to focus on their core competencies while taking advantage of the expertise of professionals dedicated to safeguarding their digital assets. It ensures that the organisation’s cyber security defences are strong and up to date, boosting operational resilience. 

To help boost your cyber security, we’ve put together an FCA-based 12-point checklist designed with financial planners in mind, that you can use to help you tick off all areas of cyber security.

Click here to download your free checklist and protect your organisation.