Most Firms Have Addressed Cybersecurity Concerns
The SEC’s Office of Compliance Inspections and Examinations released the results of its cybersecurity sweep of 57 broker-dealers and 49 advisers. FINRA also released a companion report. The OCIE staff reports that most firms have adopted information security policies and conduct periodic risk assessments. Although most firms reported that they have been the subject of a “cyber-related incident,” most related to the download of fraudulent emails or malware and involved a small amount of money. The Report also indicates that more broker-dealers (72%) address vendor cybersecurity than advisers (24%). The FINRA report offers some best practices including implementing response plans, staff training, and vendor due diligence.
OUR TAKE: Most firms have adopted cybersecurity policies, so the regulators will quickly fault firms that have not. Also, firms should enhance vendor due diligence about cybersecurity issues.