GBAF Logo
Finance

UK watchdog tightens cyber incident reporting rules as attacks surge

Published by Global Banking & Finance Review

Posted on March 18, 2026

1 min read

· Last updated: April 1, 2026

Add as preferred source on Google
UK watchdog tightens cyber incident reporting rules as attacks surge
Finance Banking cybersecurity Regulation
Global Banking & Finance Awards 2026 — Call for Entries

March 18 (Reuters) - Britain's finance regulator confirmed new incident and third-party reporting rules on Wednesday, giving firms 12 months to prepare for clearer requirements aimed at strengthening

UK Regulator Introduces Stricter Cyber Incident Reporting Rules for Finance Firms

Overview of New Cyber Incident Reporting Rules

Regulator Confirms New Requirements

March 18 (Reuters) - Britain's finance regulator confirmed new incident and third-party reporting rules on Wednesday, giving firms 12 months to prepare for clearer requirements aimed at strengthening resilience against cyber attacks and third-party disruptions.

Effective Date and Rationale

The new rules, which take effect on March 18, 2027, come after over 40% of cyber incidents reported to the Financial Conduct Authority in 2025 involved a third party, including high-profile outages at Cloudflare and AWS.

Reporting and Attribution

(Reporting by Yamini Kalia in Bengaluru)

Key Takeaways

  • Strengthened rules define reportable operational incidents and require disclosure of material third‑party arrangements to regulators and impacted firms (fca.org.uk)
  • Rules align with global standards on phased incident reporting and build on the Critical Third Parties regime effective since Jan 2025 (bankofengland.co.uk)
  • Recent major disruptions—such as Cloudflare’s June outage caused by a third‑party storage failure and AWS‑linked congestion in August—underscore the urgent need for clearer reporting and preparedness (blog.cloudflare.com)

References

Frequently Asked Questions

What new rules has the UK finance regulator confirmed?
The UK finance regulator has confirmed new incident and third-party reporting rules for finance firms to strengthen cyber resilience.
When will the new cyber incident reporting rules take effect?
The new rules will take effect on March 18, 2027, giving firms 12 months to prepare.
Why are these rules being implemented?
The rules are being implemented because over 40% of cyber incidents reported in 2025 involved a third party, including notable outages.
Which companies were affected by recent third-party disruptions?
High-profile outages affected companies including Cloudflare and AWS.
What is the goal of the new FCA reporting requirements?
The goal is to strengthen resilience against cyber attacks and third-party disruptions in the finance sector.

Tags

Related Articles

Image for Trump tells Fox News Iran can call US if it wants to negotiate

Trump tells Fox News Iran can call US if it wants to negotiate

Image for Australia's Wong to visit Japan, China, South Korea to discuss energy security

Australia's Wong to visit Japan, China, South Korea to discuss energy security

Image for Hungary's Magyar to meet EU's von der ​Leyen for talks on EU funds this week

Hungary's Magyar to meet EU's von der ​Leyen for talks on EU funds this week

Image for Switzerland angers Italy by claiming costs of treating Crans-Montana fire victims

Switzerland angers Italy by claiming costs of treating Crans-Montana fire victims

Image for Russian defence minister visits North Korea

Russian defence minister visits North Korea

Image for Fertiliser plant in Russia's Vologda region damaged in Ukrainian drone attack, governor says

Fertiliser plant in Russia's Vologda region damaged in Ukrainian drone attack, governor says

More from Finance

Explore more articles in the Finance category

Image for Close Brothers will not take legal action against Britain's car finance redress scheme, Sky News reports
Close Brothers will not take legal action against Britain's car finance redress scheme, Sky News reports
Image for Germany's far-right AfD rises to record 28%, INSA poll shows
Germany's far-right AfD rises to record 28%, INSA poll shows
Image for German government suspects Russia of Signal attack targeting politicians, sources say
German government suspects Russia of Signal attack targeting politicians, sources say
Image for Romania finds parts of second drone after overnight Russian attack on Ukraine
Romania finds parts of second drone after overnight Russian attack on Ukraine
Image for China condemns EU's inclusion of Chinese entities in sanctions package against Russia
China condemns EU's inclusion of Chinese entities in sanctions package against Russia
Image for Russian parliament speaker in North Korea to mark Pyongyang's troop deployment in Ukraine war
Russian parliament speaker in North Korea to mark Pyongyang's troop deployment in Ukraine war
Image for Macron reaffirms efforts to reopen Strait of Hormuz, as TotalEnergies warns of energy shortages
Macron reaffirms efforts to reopen Strait of Hormuz, as TotalEnergies warns of energy shortages
Image for France's Macron says EU mutual assistance clause is unambiguous
France's Macron says EU mutual assistance clause is unambiguous
Image for US to let Venezuela pay Maduro's lawyer in drug trafficking case
US to let Venezuela pay Maduro's lawyer in drug trafficking case
Image for Italy votes down equal parental leave while fathers redefine their role online
Italy votes down equal parental leave while fathers redefine their role online
Image for German auto industry faces even tougher competition as China economy slows
German auto industry faces even tougher competition as China economy slows
Image for Romania says drone fragments damage property during overnight Russian attack on Ukraine
Romania says drone fragments damage property during overnight Russian attack on Ukraine
View All Finance Posts