On February 3, 2015, the Securities and Exchange Commission released a report (the “Summary”) detailing the results of its examination of the cybersecurity practices of 57 registered broker-dealers and 49 registered investment advisers. The Summary illuminates many areas of cybersecurity programs that may merit additional attention and improvement for broker-dealers and investment advisers. Notably, the broker-dealers consistently had a higher adoption rate for practices described in the Summary than investment advisers. Below are a few of the Summary’s critical findings:
Action Item: It can be beneficial for any broker-dealer or investment adviser to review the Summary and compare its cybersecurity practices against the results to identify strengths and weaknesses in a company’s current cybersecurity practices, controls and procedures. By leveraging this information to enhance their own programs, broker-dealers and investment advisers can help ensure they are reducing their risk of a cyber-attack and improving their ability to respond to an attack.If you have any questions or would like additional information, please contact a member of the Data Privacy & Information Security Practice at Ulmer & Berne LLP.