Ryan Dodd, CEO of Cyberhedge, believes: “The FCA report that asset managers lack fundamental understanding of cyber security risk, while welcome, is simply not strong or good enough. Asset managers are the custodians of critical information, they make key investments in the interests of UK citizens and are paid to understand and assess risks, yet they appear unable to do so—even for their own businesses.
“Investors should be outraged that the professionals entrusted with managing corporations do not understand, and are failing to properly audit what is now a fundamental risk to the viability of organisations across all industries. IT infrastructure and data are now essential business assets. Asset managers would never get away with side-lining risk related to financial fraud, so why are they allowed to do so for cyber-related risk?
“The FCA has done well to point out this issue, but it needs to go further. If we break this down to the base level, this is a governance issue and should be managed appropriately, with board-level accountability. The FCA, as the regulator, must demand that asset managers are as rigorous in their understanding and assessment of cyber risk as they are to other regulated areas. A requirement to risk report on the companies they manage, that includes cyber, is essential in ensuring that proper governance and management is maintained, and that the British public are protected from poor cyber management fallout.”