Not surprisingly, nearly all broker-dealers (88 percent) and investment advisers (74 percent) reviewed had experienced cyber attacks, including fraudulent emails and malware. As a general rule, most broker-dealers (93 percent) and investment advisers (83 percent) had written information security policies in place. Many of these based their security framework on published cybersecurity risk management standards, such as those published by the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO) and the Federal Financial Institutions Examination Council (FFIEC). It is no surprise that third-party risk assessments, reporting and information sharing, and cybersecurity insurance are the most discussed topics in this review.
Click here to read the full alert.