What we think

We will be using this page to share our thoughts on the latest regulation, thought leadership, incidents, threat updates and industry reports. If you would like to discuss any of our posts, please get in touch.

Our Thoughts:

  • Last month, our Chairman Paul Taylor FREng participated in a Crisis Management panel for KPMG’s industry collaboration forum i4, which featured Paddy McGuiness, Tracey Pretorius and Nick Shah. The panel was a huge success and one of the forum’s best attended events. It was a useful prompt for the third blog post in our Operational Resilience series, which sets out our thoughts on the importance of Crisis Management exercising in light of the new FCA/PRA Operational Resilience Policies and how firms can take their often-well-established exercising programmes to the next level. ...

  • The second blog post in our Operational Resilience series focuses on scenario testing. Firms are defining anywhere between 30-50 important business services, with some of the more complex multinational firms identifying over 100. The prospect of scenario testing this number of impact tolerances against a variety of severe but plausible scenarios is a daunting task. Luckily the regulators have recognised this and, in the Policy, released just before Easter, have granted firms a longer compliance window than the initial 12 months laid out in the consultation paper. The blog focuses on how firms can use the wealth of data they already have from historic events to understand their existing resilience and prioritise testing for those important business services with the least supporting evidence. ...

  • The PRA, FCA and Bank of England released their Operational Resilience Policy last week, which set the clock ticking on the 12-month compliance window. A key principle in the Policy is that firms should set impact tolerances for important business services which are consumer focused and transcend inevitable organisational silos. Organisations who adopt a collaborative approach with engagement across the business are more likely to identify all possible consumer harms that inevitably stack up in a severe incident. Firms will inevitably experience incidents which impact more than one important business service at a time, so assessing how impacts aggregate and consumer harm materialises is vital to understanding impact tolerances. Our latest blog post offers some practical insights into just how to set tolerances....

  • I think we can all agree the last year or so has been tough, but it seems there is light at the end of the tunnel with several vaccines being rolled out around the world, providing a much-needed spark of optimism for 2021. Whilst many will be glad to see the back of 2020, the year provided us with several lessons, both personally and professionally. Register below to receive our first white paper, Pragmatic Resilience, written by Alicia Waite, our Associate Director. It summarises some of these learnings, explores upcoming regulation in 2021 and outlines our approach to operational resilience....

Newsletters:

  • In this month’s newsletter, we take a look at the cyber activity that’s played out in the conflict in Ukraine thus far and consider what this might mean for organisations in the West. We also cast an eye over Samsung’s recent string of cyber issues, reflect on how best to manage the risk posed by ransomware attacks, and look ahead to some of the challenges emerging for boards from the Bank of England’s Operational Resilience framework....

  • In our first newsletter, we reflect on the fallout from the emergence of the Log4j vulnerability and consider how it will likely shape the key themes of the cyber security industry in 2022. We also take stock as the deadline for compliance with the operational resilience regulations looms, consider the value of practice to organisational resilience, and reflect on the potential influence of the EU's forthcoming AI regulation....

  • This month's newsletter is dominated by the recent events in Ukraine. In our headline piece, we consider how a resilience-based mindset can help organisations manage the heightened uncertainty and risk from the cyber domain following heightened tensions between Russia and the West. We also reflect on how UK national resilience might be affected by the Government's proposed changes to the Network Security and Information (NIS) regulations, consider the importance of third-party concentration risks for operational resilience, and take a look at one of the most promising recent developments in security engineering....

Bulletins:

  • In our latest bulletin, we reflect on the lessons we've learned whilst developing and implementing Operational Resilience scenario testing programmes for our financial services clients. Amongst other things, we consider good practice methodology, some commonly made mistakes, and what to expect from the next phase of testing....

  • In our February Bulletin, we share some of our takeaways from the UK Government's ambitious new National Cyber Strategy, launched in December....

Subscribe to our ‘What We Think’ mailing list

To be the first to hear about Beyond Blue’s future blog posts and events, please submit your details below.