UK finance firms given 12 months to prepare for stricter cyber reporting

Britain’s finance regulator confirmed ​new incident and ‌third-party reporting rules this week, giving ​firms 12 ​months to prepare for ⁠clearer requirements ​aimed at strengthening ​resilience against cyber attacks and third-party disruptions.

The ​new rules, ​which take effect on March ‌18, ⁠2027, come after over 40 per cent of cyber ​incidents ​reported ⁠to the Financial Conduct Authority ​in 2025 ​involved ⁠a third party, including high-profile ⁠outages ​at Cloudflare ​and AWS.