State Securities Regulators Concerned about Cybersecurity
The North American Securities Administrators Association (NASAA), the consortium of state securities regulators, expressed concern about the rising incidence of cybersecurity deficiencies. Referring to smaller, state-registered advisers as “the low hanging fruit for cybercriminals,” NASAA highlighted cybersecurity deficiencies including lack of testing of vulnerabilities, failure to limit access, internet connectivity, passwords, and lack of insurance. Of the more than 17,000 state registered investment advisers, more than 80% service retail clients and more than 80% are 1-2 person shops. NASAA reported that the five most-commonly cited exam deficiencies related to books and records (59%), registration (49%), contracts (44%), cybersecurity (26%) and fees (21%).
State-registered advisers must get their cybersecurity acts together. NASAA is correct that cybersecurity criminals seek to exploit holes in the system that they find in smaller firms that fail to take industry-recommended precautions. This becomes an industry concern because there are far more state-registered advisers, the front line of the retail wealth management industry.