FCA Cyber Attacks and Principle 11 Reporting

“Under Principle 11,you must report material cyber incidents.”

You may consider an incident material if:

  • it results in significant loss of data, or the availability or control of your IT systems
  • it impacts a large number of victims
  • it results in unauthorised access to, or malicious software present on, your information and communication systems

Source: Cyber resilience | FCA