Cyber attacks and data breaches pose a threat of such magnitude to the financial services sector that past attitudes and approaches to cybersecurity are no longer sufficient. To safeguard sensitive personal and financial data and assets, and to protect the stability of the financial markets, an industry-wide “security culture” is necessary. Firms of all sizes and profiles must actively and continually refine their governance, detection and prevention methods in response to the ever-evolving threat. This was the theme of a speech delivered by Nausicaa Delfas, Director of Specialist Supervision for the U.K. Financial Conduct Authority (FCA), at the FT Cyber Security Summit on September 21, 2016. This article highlights the points of the speech most relevant to hedge fund managers. For coverage of additional insight from the FCA, see “FCA Director Emphasizes Regulator’s Focus on Firm’s Culture of Compliance” (Jul. 21, 2016); and “FCA 2016-2017 Regulatory and Supervisory Priorities Include Focus on AML, Cybersecurity and Governance” (Apr. 14, 2016). For a comparison of the FCA and SEC stances on cybersecurity, see our two-part series “Navigating FCA and SEC Cybersecurity Expectations”: Part One (Jan. 7, 2016); and Part Two (Jan. 14, 2016). For further analysis of the SEC’s stance on cybersecurity issues, see “SEC Chief of Staff Outlines Asset Management Initiatives on Cybersecurity and Transition Planning and Emphasizes Robust Enforcement Environment” (Jul. 7, 2016); and “Growing SEC Enforcement of Hedge Fund Managers Requires Greater Focus on Cybersecurity and Financial Disclosure” (Jul. 7, 2016).