Cyber resilience is an important concern of the U.K. Financial Conduct Authority (FCA). In furtherance of this focus, in 2017 and 2018, the FCA requested several hundred financial services firms to complete a cross-sector self-assessment survey of their cyber or technological resilience (Cyber Survey). At the same time, the FCA also conducted informal interviews with directors and senior managers of 20 asset management and wholesale banking firms. This article summarizes the key takeaways from the Cyber Survey and its associated findings, including benchmarking insights on incident response and governance, such as questions boards should be asking themselves and effective cyber-risk frameworks. See also “FCA Head of Technology Outlines Regulator’s Cybersecurity Expectations and Three Key Lessons” (Feb. 28, 2018); “Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)” (Jan. 6, 2016); Part Two (Jan. 20, 2016).