PIMFA
Cyber Security
Cyber Security refers to the practices, technologies, and measures required to protect sensitive financial information, systems, and infrastructure from unauthorised access, disclosure, alteration, or destruction. It involves safeguarding firms and individuals against cyber threats such as hacking, data breaches, malware, phishing attacks, and other forms of cybercrime.
- CYBER SECURITY WORKING GROUP
The PIMFA Cyber Security Working Group shares intelligence, explores a wide range of issues impacting our sector, and develops best practices and guidance.
Previous work includes:
- Cyber Security Framework mapping
- Artificial Intelligence (AI) potential impacts on cyber Security
- Cyber Security when travelling and working from home
- Reviews of case studies and learnings
- Cyber Security strategies and culture
If you are interested in joining this member only group, please contact Maria Fritzsche.
Maria Fritzsche
Senior Policy Adviser - Operational Policy, Regulation and Innovation Lead
Click to expand.
latest news
Financial Conduct Authority (FCA) publishes its first Technology Horizon Scan Report for Financial Services
The Technology Horizon Scan report highlights how emerging technologies such as AI and distributed ledger technologies (DLT) could combine to create new opportunities and associated risks for consumers, firms, and markets. The report is not intended as regulatory guidance, but as an aid to facilitate informed debate and knowledge-sharing across the UK’s financial service ecosystem.
Key themes include the rise of AI tools and agents in personalised intelligence, growing financial crime risks from the speed and scale of AI deployment and the expansion of programmable finance using DLT, tokenisation, and digital currencies.
The report outlines a significant opportunity for UK firms to harness these technologies to drive innovation, strengthen cyber resilience and deliver better outcomes for consumers and markets.
Read the full report here.
Frontier AI and Cyber Security: National Cyber Security Centre Guidance for Organisations
The National Cyber Security Centre (NCSC) has published guidance outlining how frontier AI is accelerating the discovery and exploitation of vulnerabilities, increasing the speed, scale and accessibility of cyberattacks.
While these developments lower the barrier to entry for sophisticated threats, the guidance also highlights the potential for AI to strengthen defensive capabilities when deployed effectively.
For firms, key considerations include:
- Embedding strong cyber security fundamentals, which remain the primary defence against both traditional and AI enabled threats
- Ensuring board level ownership of cyber risk, with sustained focus, oversight and investment
- Establishing clear governance over emerging technologies such as agentic AI, particularly in relation to system and data access
- Considering how AI can support defence, including faster identification and remediation of vulnerabilities
Firms that prioritise cyber resilience and treat AI adoption as a controlled and strategic decision will be better positioned to manage emerging risks.
Read the full guidance here.
The National Cyber Security Centre (NCSC) Publishes 10 Questions to Ask when using AI models to find Vulnerabilities
The NCSC has outlined 10 critical questions organisations should ask before using AI models to identify vulnerabilities in systems, software, and infrastructure.
The guidance is aimed at helping organisations use AI tools responsibly and safely, particularly in understanding model limitations, data handling and the potential impact on security outcomes. It is intended as a prompt for internal challenge rather than a technical checklist.
It highlights the significance of robust cyber security hygiene, prioritisation of vulnerabilities, and risk consideration, among other factors in effective cyber resilience.
Read more details here.