ACCORDING to Global Banking and Finance Review, Britain’s finance regulator confirmed new incident and third-party reporting rules on Wednesday, giving firms 12 months to prepare for clearer requirements aimed at strengthening resilience against cyber attacks and third-party disruptions. The new rules take effect on 18 March 2027. The changes come after over 40% of cyber incidents reported to the Financial Conduct Authority in 2025 involved a third party, including high-profile outages at Cloudflare and AWS.
The move signals a tightening of reporting obligations to improve transparency and mitigation across the sector. Firms are being urged to align their incident response and third-party risk management with the updated regime as cyber threats continue to surge.