A new survey of U.S. investment advisory firms by state securities regulators finds that relatively few firms have experienced a cybersecurity breach.
The North American Securities Administrators Association (NASAA) reports, based on a survey carried out in July, that 4.1% of responding firms indicated that they have experienced a cybersecurity incident; and, just 1.1% say they have experienced a loss or unauthorized access to confidential information as a result.
NASAA surveyed 440 registered investment advisors with assets under management of less than $100 million across nine states. The project was designed to help regulators better understand the technology and data practices of state-registered investment advisors; how these firms communicate with clients; and, the sorts of policies and procedures they use.
The survey also found that 62% of firms say they have undergone a cybersecurity risk assessment, and 77% have policies and procedures related to technology or cybersecurity.
“State securities regulators are very concerned by cybersecurity issues, and are focused on understanding how these issues affect their registrants, the small and mid-sized investment advisors,” said Andrea Seidt, NASAA president and Ohio securities commissioner.
“While the relatively low rate in cybersecurity incidents identified in the pilot survey are encouraging, state securities regulators are aware of the increase in cyber-attacks in the financial services industry, and the importance and associated difficulties of securely maintaining private data,” Seidt said; adding that it expects to begin working toward recommended best practices for dealing with these sorts of issues.