Cyber Security
Cyber Security refers to the practices, technologies, and measures required to protect sensitive financial information, systems, and infrastructure from unauthorised access, disclosure, alteration, or destruction. It involves safeguarding firms and individuals against cyber threats such as hacking, data breaches, malware, phishing attacks, and other forms of cybercrime.
Cyber Security Working Group
The PIMFA Cyber Security Working Group shares intelligence, explores a wide range of issues impacting our sector, and develops best practices and guidance.
Previous work includes:
- Cyber Security Framework mapping
- Potential impacts of Artificial Intelligence (AI) on Cyber Security
- Cyber Security when travelling and working from home
- Reviews of case studies and learnings
- Cyber Security strategies and culture
If you are interested in joining this member-only group, please contact Maria Fritzsche.
Maria Fritzsche
Senior Policy Adviser - Operational Policy, Regulation and Innovation Lead
Latest news
The National Cyber Security Centre (NCSC) Publishes 10 Questions to Ask When Using AI Models to Find Vulnerabilities
The NCSC has outlined 10 critical questions organisations should ask before using AI models to identify vulnerabilities in systems, software, and infrastructure.
The guidance is aimed at helping organisations use AI tools responsibly and safely, particularly in understanding model limitations, data handling and the potential impact on security outcomes. It is intended as a prompt for internal challenge rather than a technical checklist.
It highlights the importance of robust cyber security hygiene, prioritisation of vulnerabilities, and risk consideration, among other factors, to effective cyber resilience.
Read more details here.
BoE Speech: Operational Resilience in a Rapidly Changing World
The BoE has published a speech by Liz Oakes (external member of BoE’s Financial Policy Committee).
The speech notes:
- The importance of operational and cyber resilience in the context of advancing technology and the potential impact of AI on cyber security in the financial sector.
- Expectations on firms to develop effective risk management frameworks as the first line of defence.
Read the full speech here.
FCA Speech: Working Together against Financial Crime
In a speech delivered at the FCA’s financial crime conference, FCA Chief Executive Nikhil Rathi highlighted the increasingly organised, technology‑enabled and interconnected nature of financial crime and described it as a growing threat to economic stability and trust in the financial system. He stressed that tackling financial crime requires a system‑wide response, including stronger information sharing, smarter use of data and technology, and deeper collaboration between firms, regulators, government and law enforcement.
The speech also emphasised the need for prioritisation, recognising that the scale and speed of financial crime mean resources must be focused on the areas of greatest risk.
Read the speech here.
FCA Cyber Resilience Insights
The FCA has published a set of cyber resilience insights based on discussions held in 2025 with around 140 firms through its Cyber Coordination Group. The insights draw on firms’ real-world experience and cover incident response, AI-related and quantum cybersecurity risks, as well as insider threat management.
Rather than introducing new regulatory expectations, the publication is intended to support peer learning and practical benchmarking, highlighting both areas of good practice and where common weaknesses continue to arise.
Firms are encouraged to use the insights to challenge and strengthen their own cyber resilience approaches.
PIMFA response to Cabinet Office Consultation: Making Public Services work for you with your Digital Identity
PIMFA have responded to the Cabinet Office Consultation on digital identity.
We support the development of a secure, interoperable national digital identity, though we believe that to deliver meaningful benefits for wealth management and financial advice firms and their clients, the framework should provide clarity on AML/KYC recognition and reliance, support interoperability with private-sector providers and maintain high security and assurance standards.
You can read the response in full here.