To safeguard sensitive personal and financial data and assets, and to protect the stability of the financial markets, an industry-wide “security culture” is necessary in the financial services sector. Firms of all sizes and profiles must actively and continually refine their governance, detection and prevention methods in response to the ever-evolving threat. This was the theme of a speech delivered by Nausicaa Delfas, Director of Specialist Supervision for the U.K. Financial Conduct Authority (FCA), at the recent FT Cyber Security Summit. The key points of the speech are directed at financial firms, but offer useful insight into the U.K. regulator’s priorities and advice for any company looking to improve its “security culture.” For a comparison of the FCA and SEC stances on cybersecurity, see our two-part series “Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)” (Jan. 6, 2016); Part Two (Jan. 20, 2016).