Small Advisories Report Few Cybersecurity Breaches — Maybe Too Few

By Cyril Tuohy

InsuranceNewsNet

A new survey by the North American Securities Administrators Association (NASAA) found that only 4.1 percent of small and midsize state-registered investment advisory firms reported experiencing a “cybersecurity event.”

The survey of 440 registered investment advisors in nine states also found that only 1.1 percent of advisory firms responding said they had experienced a theft, loss or unauthorized use of or access to confidential information.

Independent consultants interviewed in trade publications immediately cast doubt on the data. The consultants said the low numbers may have to do with the fact that many advisors simply aren’t detecting their own data breaches.

Andrea Seidt, NASAA president and Ohio Securities Commissioner, called the low rate of cybersecurity incidents encouraging.

However, she added, “state securities regulators are aware of the increase in cyber-attacks in the financial services industry, and the importance and associated difficulties of securely maintaining private data.”

NASAA said 46.9 percent of survey respondents had assets under management of less than $25 million, 36.7 percent had assets of more than $25 million and 16.3 percent had no assets under management.

The survey also found that 66 percent of the investment advisory firms are spending 3 percent or less of total expenses on information technology security, and that 66 percent of companies are using a third-party vendor to help them with their technology systems.

As many as 23 percent of RIAs report not having confidentiality agreements in place with third-party service providers and 73.3 percent report only using single-factor authentication to secure electronic client records.

Two-factor authentication, which includes a password and another data point, is widely recommended by technology security consultants.

The NASAA survey also found that as many as 62 percent of registered investment advisories have undergone a cybersecurity risk assessment and 77 percent have policies and procedures related to technology or cybersecurity.

NASAA launched the survey in the wake of cybersecurity inspections of more than 50 broker/dealers and registered investment advisors.  These inspections were announced by the Securities and Exchange Commission earlier this year in an effort to improve online security preparedness.

Many well-known brands across varying industries have suffered at the hands of online thieves. The victims of security breaches range from financial services giant JP Morgan Chase to retail chain Target to California State University East Bay.

Cyril Tuohy is a writer based in Pennsylvania. He has covered the financial services industry for more than 15 years. Cyril may be reached at [email protected].

© Entire contents copyright 2014 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

Cyril Tuohy is a writer based in Pennsylvania. He has covered the financial services industry for more than 15 years. He can be reached at [email protected].