Strengthening Cyber Resilience: Why Now is the Time for a Cybersecurity Health Check

The UK Government has recently unveiled plans for tougher cybersecurity laws, aimed at bolstering the nation’s defences against rising cyber threats. While the primary focus is on critical sectors such as energy, healthcare and transport, the broader message is clear: cyber resilience is now a regulatory and operational priority for all firms, particularly those operating within the financial services sector. 

New Legislation, Growing Threats

The announcement outlines updates to the UK’s Network and Information Systems (NIS) Regulations, with increased obligations and new enforcement powers granted to the Information Commissioner’s Office (ICO). The changes reflect the increasing frequency and sophistication of cyber-attacks across the UK, reinforcing the Government’s push to ensure essential services (and those that support them) are adequately protected. 

The State of Cybersecurity in the UK 

According to the UK Government’s Cyber Security Breaches Survey 2024:

  • 32% of UK businesses experienced a cyber-attack or breach in the past 12 months 
  • This figure jumps to 59% for medium-sized businesses and 69% for large organisations 
  • The average cost of a cyber breach for a medium-sized business was £5,220 

These figures underscore the reality that no sector is immune. For firms operating in regulated environments, the operational, financial and reputational consequences of a breach can be even more significant. 

The Regulatory Context: Operational Resilience and the FCA 

In parallel to the Government’s legislative changes, UK regulators have made it clear that cyber resilience forms a core component of a firm’s overall operational resilience framework. The FCA, PRA, and Bank of England have each emphasised the importance of identifying vulnerabilities, testing important business services, and maintaining the ability to respond and recover from disruption—including cyber incidents.

Failure to do so not only increases the likelihood of regulatory scrutiny but could also lead to breaches of key obligations under the FCA’s Principles for Businesses and SYSC rules, including those covering risk management, governance, and outsourcing.

How Complyport Can Help 

At Complyport, we understand the intersection between regulatory obligations and practical risk management. We work with firms across the financial services industry to ensure they are prepared, resilient and compliant. 

Our services include:

  • Cybersecurity Health Checks – Identify current vulnerabilities and gaps 
  • Operational Resilience Assessments – Align with FCA expectations and map important business services 
  • Third-Party Risk Reviews – Evaluate cybersecurity risks in your supply chain and outsourcing arrangements 
  • Policy & Procedure Support – Develop or enhance internal cyber and resilience documentation 
  • Regulatory Advisory – Stay ahead of evolving FCA, PRA and UK cyber requirements 

Time to Act 

The regulatory landscape is shifting quickly. The cost of inaction (whether financial, regulatory or reputational) continues to grow. Firms must be proactive in understanding and managing their cyber risks as part of a wider operational resilience strategy.

If you haven’t conducted a cybersecurity or operational resilience assessment recently, now is the time. Complyport is here to support you. 

Contact us today to arrange a consultation or learn more about our cybersecurity and resilience services. 

