What we think

We will be using this page to share our thoughts on the latest regulation, thought leadership, incidents, threat updates and industry reports. If you would like to discuss any of our posts, please get in touch.

Our Thoughts:

  • Last month, our Chairman Paul Taylor FREng participated in a Crisis Management panel for KPMG’s industry collaboration forum i4, which featured Paddy McGuinness, Tracey Pretorius and Nick Shah. The panel was a huge success and one of the forum’s best-attended events. It was a useful prompt for the third blog post in our Operational Resilience series, with our thoughts on the importance of Crisis Management exercising in light of the new FCA/PRA Operational Resilience Policies and how firms can take their often well-established exercising programmes to the next level. ...

  • The second blog post in our Operational Resilience series focuses on scenario testing. Firms are defining anywhere between 30 and 50 important business services, with some of the more complex multinational firms identifying over 100. The prospect of scenario testing this number of impact tolerances against a variety of severe but plausible scenarios is a daunting task. Luckily, the regulators have recognised this and, in the Policy released just before Easter, have granted firms a longer compliance window than the initial 12 months laid out in the consultation paper. The blog focuses on how firms can use the wealth of data they already have from historic events to understand their existing resilience and prioritise testing for those important business services with the least supporting evidence. ...

  • The PRA, FCA and Bank of England released their Operational Resilience Policy last week, which set the clock ticking on the 12-month compliance window. A key principle in the Policy is that firms should set impact tolerances for important business services which are consumer focused and transcend inevitable organisational silos. Organisations who adopt a collaborative approach with engagement across the business are more likely to identify all possible consumer harms that inevitably stack up in a severe incident. Firms will inevitably experience incidents which impact more than one important business service at a time, so assessing how impacts aggregate and consumer harm materialises is vital to understanding impact tolerances. Our latest blog post offers some practical insights into just how to set tolerances....

  • I think we can all agree the last year or so has been tough, but it seems there is light at the end of the tunnel with several vaccines being rolled out around the world, providing a much-needed spark of optimism for 2021. Whilst many will be glad to see the back of 2020, the year provided us with several lessons, both personally and professionally. Register below to receive our first white paper, Pragmatic Resilience, written by Alicia Waite, our Associate Director. It summarises some of these learnings, explores upcoming regulation in 2021 and outlines our approach to operational resilience....

Newsletters:

  • After a brief summer break, the Beyond Blue newsletter is back! In this month’s issue, we begin by reflecting on how prioritising your organisation’s operational resilience can help shape and improve operating models, in the financial sector and beyond. We also attempt to cut through the hype and jargon to get clear on what the quantum computing revolution means for large enterprises with complex cryptographic estates. Finally, we share some initial thoughts on the Treasury’s recent policy statement on critical third parties....

  • In this month’s newsletter: as the EU Commission’s draft Digital Operational Resilience Act (DORA) consultation approaches finalisation, we take a look at what DORA means for firms and consider how it relates to other resilience regulations such as the PRA/FCA’s Operational Resilience Framework. We also reflect on the emergence of cybercriminal gangs such as Lapsus$, consider what constitutes best practice in API security, and discuss what’s next for Operational Resilience implementation programmes....

  • In this month’s newsletter, we take a look at the cyber activity that’s played out in the conflict in Ukraine thus far and consider what this might mean for organisations in the West. We also cast an eye over Samsung’s recent string of cyber issues, reflect on how best to manage the risk posed by ransomware attacks, and look ahead to some of the challenges emerging for boards from the Bank of England’s Operational Resilience framework....

  • In our first newsletter, we reflect on the fallout from the emergence of the Log4j vulnerability and consider how it will likely shape the key themes of the cyber security industry in 2022. We also take stock as the deadline for compliance with the operational resilience regulations looms, consider the value of practice to organisational resilience, and reflect on the potential influence of the EU's forthcoming AI regulation....

  • This month's newsletter is dominated by the recent events in Ukraine. In our headline piece, we consider how a resilience-based mindset can help organisations manage the heightened uncertainty and risk from the cyber domain following heightened tensions between Russia and the West. We also reflect on how UK national resilience might be affected by the Government's proposed changes to the Network Security and Information (NIS) regulations, consider the importance of third-party concentration risks for operational resilience, and take a look at one of the most promising recent developments in security engineering....

Insights:

  • In our latest ‘Insights’ piece we collaborated with our alliance partner Redstor to discuss the challenges around backup and recovery and what should be considered best practice. Managing data confidentiality, integrity and availability is not an easy process. We discuss the available solutions and approaches, and consider how these can make your organisation more resilient and ensure your most important data is better protected....

  • The highly interconnected nature of the financial services sector renders the challenge posed by third-party and supply chain resilience acute. In this latest article, we consider certain key strategies the sector might adopt to address these concerns and how these might help UK financial institutions to facilitate implementation of the FCA/PRA’s Operational Resilience regulations....

  • In our latest bulletin, we reflect on the lessons we've learned whilst developing and implementing Operational Resilience scenario testing programmes for our financial services clients. Amongst other things, we consider good practice methodology, some commonly made mistakes, and what to expect from the next phase of testing....

  • In our February Bulletin, we share some of our takeaways from the UK Government's ambitious new National Cyber Strategy, launched in December....
