Last week, the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) simultaneously issued reports summarizing cybersecurity examination findings and recommending certain investor precautions. The SEC’s report, based on the results of examinations of more than 100 broker-dealers and investment advisors, made a number of notable findings, including:
• More than two-thirds of investment advisors have experienced cyber-related attacks either directly or through vendors;
• More than 80% of investment advisors have adopted written cybersecurity policies;
• Fewer than one quarter of the investment advisers incorporate cybersecurity requirements into their contracts with vendors or business partners; and
• Fewer than 15% of investment advisors written cybersecurity policies address how the firm will decide if it is responsible for cyber-related client losses.
For additional information and a list of suggested best practices in addressing cybersecurity, please click here.