Sutherland Asbill & Brennan LLP and the Financial Services Institute (FSI) have recently completed a survey of FSI members concerning cybersecurity issues. The survey consisted of responses from 39 broker-dealers (92 percent of which were dually registered as investment advisers), ranging from fewer than 100 registered representatives to more than 2,000.
Sutherland is an international legal service provider helping sector innovators and business entrepreneurs solve their biggest challenges and reach their goals. Additionally, FSI advocates on behalf of independent financial advisors and independent financial services firms. Since 2004, through advocacy, education and public awareness, the organization has promoted a more responsible regulatory environment for over 37,000 independent financial advisors and 100 independent financial services firms that represent upwards of 160,000 affiliated financial advisors.
“As data breaches continue to generate headlines and as regulators continue to focus on these issues during examinations, firms are coming under increasing pressure to have reasonable practices to protect customer information,” said Brian Rubin, a partner in Sutherland’s Securities Enforcement and Litigation group.
This survey covered a variety of topics, including the use and protection of mobile devices, cybersecurity governance, technical safeguards, customer authentication and vendor management. Among the survey’s findings: 32 percent of the surveyed firms experienced a cybersecurity incident in 2013 or 2014; 86 percent of the surveyed firms that carry cyber-insurance have policies covering costs related to cyber-incidents attributable to vendors; 88 percent of the surveyed firms utilize email encryption; 88 percent of the surveyed firms automatically update their antivirus software; and 100 percent of the surveyed firms terminate third parties’ system access once they have completed their work.
“Our survey is an important step in understanding the current cybersecurity state of play among independent contractor broker-dealers. We look forward to continuing to work with FSI and its members to develop best practices for keeping customer information safe,” explained Rubin.
According to Rubin, there are a number of steps that firms might consider taking to help protect their sensitive data and to help defend themselves from after-the-fact second-guessing by the regulators. He emphasized that there is no one-size-fits-all cybersecurity program, but firms could consider implementing several policies.
These policies include: updating policies and procedures to address cybersecurity-related issues; conducting self-assessments of cybersecurity readiness; keeping current on recent cyberattacks in the financial services and other industries; maintaining and updating antivirus, antimalware, and antispyware software on all stationary and mobile devices; protecting and inventorying mobile devices; understanding the cybersecurity practices of vendors that have access to sensitive information; and analyzing whether to purchase cyber-liability insurance.