Not All Firms May Be Ready to Tell Cyberattackers to “Go Ahead Make My Day”
Two reports on cybersecurity compliance issued during 2014, a preliminary unofficial report of findings from the SEC’s cybersecurity sweep and the North American Securities Administrators Association (“NASAA”) report on the findings of its cybersecurity survey of state-registered “small and mid-sized” investment advisors contain excellent insight into how firms are protecting themselves from the threat of a cyberattack. The SEC’s preliminary findings appear to be encouraging: “the ‘vast majority’ of firms to conduct ‘firmwide inventories’ of electronic resources (hardware, software, data), and to maintain written security policies and conduct periodic risk assessments.” Similarly, NASAA’s survey shows that small and mid-sized state-registered IAs generally appear to be taking cybersecurity seriously. However, NASAA’s survey also reveals a number of cybersecurity shortcomings. For more information about the results of the SEC and NASAA reports, check out this article.