Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Cybersecurity Preparedness Exams Results Are In!
Author: Scarinci Hollenbeck, LLC
Date: February 10, 2015
Key Contacts
Back
The Securities and Exchange Commission (SEC) recently published the results of its cybersecurity preparedness examinations of more than 100 broker-dealers and investment advisers.
The report highlights that while investment firms are increasingly being targeted by cyberattacks, they are also actively taking steps to address the threats. The SEC’s Cybersecurity Preparedness Examination Initiative included 57 registered broker-dealers and 49 registered investment advisers, who were selected by the agency to provide perspectives from a cross-section of the financial services industry and to assess various firms’ vulnerability to cyber-attacks.
Examiners specifically gathered information regarding the firms’ practices for: identifying risks related to cybersecurity; establishing cybersecurity governance; protecting firm networks and information; identifying and addressing risks associated with remote access to client information and funds transfer requests; identifying and addressing risks associated with vendors and other third parties; and detecting unauthorized activity.
Below are some of the SEC’s key findings:
- Cyberattacks are common. A majority of the broker-dealers (88%) and the advisers (74%) stated that they have experienced cyber-attacks directly or through one or more of their vendors.
- The majority of the incidents are related to malware and fraudulent emails. Approximately half of the examined firms reported receiving fraudulent emails seeking to transfer client funds. More than one-quarter of broker-dealers reported losses related to fraudulent emails of more than $5,000; however, no single loss exceeded $75,000. One adviser reported a loss in excess of $75,000 related to a fraudulent email, for which the client was made whole.
- Most firms have written policies and procedures in place. A large percentage of examined broker-dealers (93%) and advisers (83%) have adopted written information security policies. However, few address how firms determine whether they are responsible for client losses associated with cyber incidents.
- Data security is a top concern. Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form.
- Most broker-dealers (93%) and advisers (79%) conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, a much smaller percentage (only 32% of advisers) report that they conduct the same assessments of their vendors.
- The use of cybersecurity insurance varied by industry. More than half of the broker-dealers maintain policies that expressly cover cybersecurity incidents and losses. In contrast, less than one-quarter of the advisers examined maintain cybersecurity insurance.
In connection with the report, the SEC also released an Investor Bulletin that contains tips for protecting online brokerage accounts from fraud. Recommended precautions include picking a strong password, enabling two-factor authentication, avoiding the use of public computers/public wireless connections to access investment accounts, exercising caution when clocking email links, and regularly reviewing account statements for suspicious activity.
- Locations: Red Bank, NJ, Little Falls, NJ
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Related Posts
See all
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
Author: Jesse M. Dimitro
Understanding the Importance of a Non-Contingent Offer
Making a non-contingent offer can dramatically increase your chances of securing a real estate transaction, particularly in competitive markets like New York City. However, buyers should understand that waiving contingencies, including those related to financing, or appraisals, also comes with significant risks. Determining your best strategy requires careful analysis of the property, the market, and […]
Author: Jesse M. Dimitro
Fred D. Zemel Appointed Chair of Strategic Planning at Scarinci & Hollenbeck, LLC
Business Transactional Attorney Zemel to Spearhead Strategic Initiatives for Continued Growth and Innovation Little Falls, NJ – February 21, 2025 – Scarinci & Hollenbeck, LLC is pleased to announce that Partner Fred D. Zemel has been named Chair of the firm’s Strategic Planning Committee. In this role, Mr. Zemel will lead the committee in identifying, […]
Author: Scarinci Hollenbeck, LLC
Novation Agreement Process: Step-by-Step Guide for Businesses
Big changes sometimes occur during the life cycle of a contract. Cancelling a contract outright can be bad for your reputation and your bottom line. Businesses need to know how to best address a change in circumstances, while also protecting their legal rights. One option is to transfer the “benefits and the burdens” of a […]
Author: Dan Brecher
What Is a Trade Secret? Key Elements and Legal Protections Explained
What is a trade secret and why you you protect them? Technology has made trade secret theft even easier and more prevalent. In fact, businesses lose billions of dollars every year due to trade secret theft committed by employees, competitors, and even foreign governments. But what is a trade secret? And how do you protect […]
Author: Ronald S. Bienstock
What Is Title Insurance? Safeguarding Against Title Defects
If you are considering the purchase of a property, you may wonder — what is title insurance, do I need it, and why do I need it? Even seasoned property owners may question if the added expense and extra paperwork is really necessary, especially considering that people and entities insured by title insurance make fewer […]
Author: Patrick T. Conlon
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Cybersecurity Preparedness Exams Results Are In!
Author: Scarinci Hollenbeck, LLC
The Securities and Exchange Commission (SEC) recently published the results of its cybersecurity preparedness examinations of more than 100 broker-dealers and investment advisers.
The report highlights that while investment firms are increasingly being targeted by cyberattacks, they are also actively taking steps to address the threats. The SEC’s Cybersecurity Preparedness Examination Initiative included 57 registered broker-dealers and 49 registered investment advisers, who were selected by the agency to provide perspectives from a cross-section of the financial services industry and to assess various firms’ vulnerability to cyber-attacks.
Examiners specifically gathered information regarding the firms’ practices for: identifying risks related to cybersecurity; establishing cybersecurity governance; protecting firm networks and information; identifying and addressing risks associated with remote access to client information and funds transfer requests; identifying and addressing risks associated with vendors and other third parties; and detecting unauthorized activity.
Below are some of the SEC’s key findings:
- Cyberattacks are common. A majority of the broker-dealers (88%) and the advisers (74%) stated that they have experienced cyber-attacks directly or through one or more of their vendors.
- The majority of the incidents are related to malware and fraudulent emails. Approximately half of the examined firms reported receiving fraudulent emails seeking to transfer client funds. More than one-quarter of broker-dealers reported losses related to fraudulent emails of more than $5,000; however, no single loss exceeded $75,000. One adviser reported a loss in excess of $75,000 related to a fraudulent email, for which the client was made whole.
- Most firms have written policies and procedures in place. A large percentage of examined broker-dealers (93%) and advisers (83%) have adopted written information security policies. However, few address how firms determine whether they are responsible for client losses associated with cyber incidents.
- Data security is a top concern. Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form.
- Most broker-dealers (93%) and advisers (79%) conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, a much smaller percentage (only 32% of advisers) report that they conduct the same assessments of their vendors.
- The use of cybersecurity insurance varied by industry. More than half of the broker-dealers maintain policies that expressly cover cybersecurity incidents and losses. In contrast, less than one-quarter of the advisers examined maintain cybersecurity insurance.
In connection with the report, the SEC also released an Investor Bulletin that contains tips for protecting online brokerage accounts from fraud. Recommended precautions include picking a strong password, enabling two-factor authentication, avoiding the use of public computers/public wireless connections to access investment accounts, exercising caution when clocking email links, and regularly reviewing account statements for suspicious activity.