Financial advisors and advisory firms are doing more to shore up cybersecurity systems and policies, the SEC found in its recent review of 75 firms.
In the three years since launching its Cybersecurity Initiative, the SEC noted that, in general, advisors were more aware of the risks of cyberattacks and had made many improvements to systems and policies around cybersecurity.
The SEC added, however, that there are several areas where some firms could do more, including:
- Improve policies and procedures that offered only general guidance for employees.
- Increase enforcement of the policies, including regular policy reviews.
- Monitor system maintenance closely to ensure that the installation of software patches addresses security issues.
Cybersecurity is a growing concern
IBM research found that the financial services industry ranked third among the industries most targeted by cyberattacks in 2015. A growing number of recent high-profile attacks is certain to elicit more questions from financial services clients about security. In recent months, credit reporting company Equifax made headlines with a July data breach that involved more than 140 million U.S. customers, and only recently, the SEC disclosed that its EDGAR database of corporate disclosures was hacked in 2016.
Most financial advisors are aware of the risks involving cybersecurity, but the level of preparation to manage those risks varies. The Financial Planning Association’s Research and Practice Institute noted that 81% of advisors stated that cybersecurity is a high priority. But only 29% noted they were fully prepared to manage the risks.
Another survey by TD Ameritrade found that only 36% of advisors said their teams “fully understand the issues and risks” of cybersecurity.
How to help clients with cybersecurity preparation
Storage. Talk to your clients about how they store and secure their personal and account information.
Communications. Review how your business or firm communicates with clients, and discuss best practices for email and other online communications regarding their accounts.
System monitoring. Discuss how your business systems are maintained with security updates, and review the services and features that help secure your clients’ account information.
Training of employees on policies and procedures is another underpinning of cybersecurity. According to a 2016 study (Kaspersky Lab), careless actions by employees are responsible for 59% of cyberattacks on businesses.