Today, the Securities and Exchange Commission released publications that address cyber security at brokerage and advisory firms and provide suggestions to investors on ways to protect their online investment accounts.
“Cyber security threats know no boundaries. That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC,” said SEC Chair, Mary Jo White. “Through our engagement with other government agencies as well as with the industry and educating the investing public, we can all work together to reduce the risk of cyber attacks.”
One publication, a Risk Alert from the SEC’s Office of Compliance Inspections and Examinations (OCIE), contains observations based on examinations of more than 100 broker-dealers and investment advisers.
The examinations focused on how these firms:
- Identify cyber security risks
- Establish cyber security policies, procedures, and oversight processes
- Protect their networks and information
- Identify and address risks associated with remote access to client information, funds transfer requests, and third-party vendors
- Detect unauthorized activity
“Our examinations assessed a cross-section of the industry as a way to inform the Commission on the current state of cyber security preparedness,” said OCIE Director, Andrew Bowden. “We hope that investors and industry participants will also benefit from what we have learned.”
The second publication, an Investor Bulletin issued by the SEC’s Office of Investor Education and Advocacy (OIEA), provides core tips to help investors safeguard their online investment accounts, which include:
- Picking a “strong” password
- Using two-step verification
- Exercising caution when using public networks and wireless connections
“As investors increasingly use web-based investment accounts, it is critical that they take steps to safeguard those accounts,” said OIEA Director Lori J. Schock. “This bulletin provides everyday investors with a set of useful tips to help protect themselves from cyber-criminals and online fraud.”
Cyber security insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cyber security insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.
Many companies do not proceed with available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack, as stated by the Department of Homeland Security.
Cyber security insurance can easily integrate with existing business insurance, and both first- and third-party coverage is available. Data can be a company’s most valuable asset, and with cyber attacks increasing, it is necessary to protect yourself, especially when data files are filled with confidential information.