Cyber breaches rare among U.S. state-registered investment advisers - study

[Audrey McNeil <audrey () riskbasedsecurity com>]

https://finance.yahoo.com/news/cyber-breaches-rare-among-u-182255926.html

Cyber security breaches are rare among investment advisory firms registered
with U.S. states, but improvements to technology and procedures could still
bolster protection of client information, state securities regulators said
on Wednesday.

Just 4 percent of advisers reported having a "cyber security incident"
during the years in which they have been registered in their respective
states, according to a study by the North American Securities
Administrators Association (NASAA). The incidents were as diverse as
website breaches and hackers impersonating clients via email.

Theft and unauthorized use of confidential data were problems for 1 percent
of advisers, NASAA said.

The study did find problems, however. For example, nearly a third of
advisers that contact clients via email do not send messages through a
secure system that prevents them from being read by hackers and other third
parties. Also, fewer than half of the firms surveyed, or 44 percent, had
policies, procedures and training in place related to cyber security.

State-registered investment advisers account for more than half of the
registered investment advisers in the United States, NASAA said. The group
released the cyber-security study on Wednesday at its annual conference in
Indianapolis.

Financial services firms have been jittery about information security after
several high-profile data breaches at major retailers, including Target
Corp (TGT.N) and Home Depot Inc. (HD.N) JPMorgan Chase & Co (JPM.N) is also
investigating a possible cyber attack, a spokeswoman said on Aug. 29.
[ID:nL1N0QY0S7]

NASAA's study included 440 state-registered investment advisory firms in
nine states. U.S. state securities regulators oversee small and mid-sized
investment advisers who manage up to $100 million. Larger investment
advisers register with the U.S. Securities and Exchange Commission.

Other states are now using NASAA's pilot study to collect information from
advisers in their jurisdictions. NASAA plans to develop guidance for
advisers about cyber security practices based on the results, Valerie
Mirko, NASAA deputy general counsel, said in a telephone interview. NASAA
expects the additional results by yearend, Mirko said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!