Skip to content
Russia's invasion of Ukraine and the importance of an operational and cyber risk defence

Russia's invasion of Ukraine and the importance of an operational and cyber risk defence

Publications
18 March 2022
Related people
Tom Balogh
Anderson Tom
Image of Marc Teasdale
Tom Balogh
Tom Balogh

Executive Director, A&O Consulting

London
Anderson Tom
Tom Anderson

Executive Director, A&O Consulting

London
Image of Marc Teasdale
Marc Teasdale

Managing Director, A&O Consulting

London
Image of Ricki Gupta
Ricki Gupta

Manager, A&O Consulting

London
Finlayson-Brown Jane
Jane Finlayson-Brown

Partner

London
Johnstone Nikki
Nikki Johnstone

Partner

London
Susanna Charlwood

Partner

London

Headlines in this article

Related news and insights

Publications: 27 March 2024

Increased Focus on Forced Labor in the U.S. and EU: Enforcement and Legislation

Publications: 21 March 2024

Seizing the AI opportunity in Europe

Publications: 28 February 2024

Diverse foreign investment landscape presents challenges for dealmakers

Publications: 28 February 2024

EU Foreign Subsidies Regulation increases M&A regulatory burden

With rapidly evolving developments regarding Russia and Ukraine, the FCA has reiterated that firms need to be vigilant of operational and cyber resilience.

The FCA on 8 March 2022 set out five areas that firms should be watchful of following Russia’s invasion of Ukraine.

  1. Cybersecurity: firms should review the NCSC’s guidance, and consider their ability, as well as that of third-party providers, to withstand a cyber-attack. Appropriate steps should be taken to strengthen security controls, improve staff knowledge and awareness, and review third-party dependencies, alongside ensuring personnel levels are adequate to address increased cyber risk.
  2. Important business services: the impacts of sanctions (UK/US/EU) should be reviewed to ensure they do not impact a firm’s ability, or the ability of their third-party providers, to continue to deliver important business services.
  3. Business continuity and incident management arrangements: firms should ensure formal business continuity and incident management plans and processes exist and are updated, and that responses are comprehensive and coordinated to allow for the firm to continue to meet regulatory obligations should an unexpected event materialise.
  4. Reporting incidents: the FCA have emphasised that quick notification of cyber incidents or outages to the FCA and other UK authorities is extremely valuable during this period, not least to enable them to provide input and mitigate the risk of harm whether to individual consumers or the sector as a whole. The FCA reminds firms to report material operational incidents to the FCA in “a timely way”.
  5. False information: firms should be vigilant of false information that may be circulated during times of unrest, and have a clear and concise response plan readily available to help prevent harm to consumers or market integrity.

The complete FCA publication can be found here.

How we can help

Across our international network, our operational and cyber risk experts can support you during these uncertain times. Please do get in touch with our A&O cybersecurity practitioners, and A&O regulatory consulting advisory practice to learn more about how we support our clients and how we can help you meet the FCA’s expectations during these uncertain times.

Related expertise