- Cybersecurity Is a Top Concern
- May 6, 2014 | Authors: Peter D. Fetzer; Terry D. Nelson
- Law Firms: Foley & Lardner LLP - Milwaukee Office ; Foley & Lardner LLP - Madison Office
Cybersecurity has become a top concern of the customer service sector as well as regulators of securities broker-dealers and investor advisers. The SEC recently announced that it would be examining 50 registered broker-dealers and investment advisers to test for cybersecurity preparedness.
Since the Target Corp. security breach earlier this year, both the securities industry and its regulators have taken a more proactive approach in order to better understand the vulnerability of the industry and how the industry is addressing those vulnerabilities. The Financial Industry Regulatory Authority (FINRA) commenced a similar effort earlier this year when it asked member firms to respond to questionnaires addressing their cybersecurity preparedness initiatives.
According to a recent report from the Federal Bureau of Investigation and Department of Homeland Security, about 3,000 companies experienced security system breaches in 2013.
The 50 registered broker-dealer and investment advisers to be examined by the SEC for cybersecurity preparedness also received a request for information and documents designed, in part, to assist registrants in their compliance efforts.
Experts in the cybersecurity area have stated recently that the securities industry is extremely vulnerable to cybersecurity attacks and that attempts by the industry to address such vulnerabilities are probably, for the most part, ineffective. According to such experts, the industry will need to come up with new technology security programs that can more effectively respond to cyber threats and to report more immediately when a breach occurs.
The SEC suggests that firms employ a “risk-based approach” to the cybersecurity threat instead of relying upon ineffective approaches applied previously. Cyber hackers are looking for personal information about customers of broker-dealers and investment advisers. The SEC will conduct the exams of the 50 registrants to determine how accessible that information is to hackers and what can and should be done to thwart those hackers from obtaining customer personal information.
For those registrants who are not examined, it is believed that once the SEC makes public the results of the examinations and release of “best practices,” the entire industry should benefit.