Articles & Insights

Strengthening cyber resilience to meet Prudential Regulation Authority (PRA) policies

Cyber resilience is a growing concern for many organizations around the world. In the UK alone, 39% of businesses reported cyberattacks in 2021.

No business is immune to cyber threats, or physical threats to systems or buildings. To address the increasing risk to businesses, the Prudential Regulation Authority required institutions under their regulation to identify their important business services, define, and outline their impact tolerances by March 2022.

Important Business Services (IBS) 


Firms will identify their IBS and identify importance based on “a service being provided to an external end user and having the potential to threaten regulatory objectives in the event of a disruption”.

Impact Tolerances 


Firms will set impact tolerances for their IBS and provide “time-based metrics, and well-defined thresholds, at which the disruption would threaten regulatory objectives”. 

What’s next for PRA-regulated businesses?

PRA-regulated institutions must meet the third and final policy expectation in March 2025. The additional time allows for planning, testing, redefining and improving processes, as well as ensuring the monitoring of risks – cyber, physical, and societal/political.

Mapping and Testing


Firms will be able to demonstrate the ability to stay within their impact tolerances. Testing strategies should be based on relevant risks and vulnerabilities and “inform how firms monitor risks to their operational resilience and increase the maturity of their overall processes”.

How can businesses strengthen cyber resilience?

There are a number of ways businesses can safeguard against a cyber threat and comply with the PRA’s policies using secure technology.

Earlier this year IBM announced their new FlashSystem storage offering, IBM Cyber Vault. Cyber Vault uses IBM FlashSystem Safeguarded Copies to validate and verify copy data so that your IT department knows they are free of corruption.

Safeguard copies are automatically created snapshots giving a point-in-time view, set by the system administrator. These snapshots are designed to be immutable copies, protecting you against ransomware, malware and even the risk of a disgruntled employee. Cyber Vault is constantly running and checking your systems and the snapshots for any changes, running hand-in-hand with your systems.

Cyber Vault has several benefits specific to those working under PRA guidance and towards the 2025 deadline. Combined with your FlashStorage system, Cyber Vault has the potential to reduce your cyber recovery time down to hours, not days. The system alerts you to your corrupted snapshot and it also finds the last unchanged or uncorrupted snapshot to speed up your recovery process.

As a long-standing IBM storage reseller and end-user, with disaster recovery suites across our data centers, Service Express helps you safeguard and minimize risk to your systems and business. We can advise you on the best storage system to partner with Cyber Vault and your current IT estate, as well as how best to set up your Cyber Vault and ensure an almost seamless recovery plan if disaster strikes.

Additional Resources