Advisors, broker-dealers should review SEC risk alert on ransomware
The SEC’s Office of Compliance Inspections and Examinations issued a risk alert about recent ransomware attacks and offered some best practices for smaller firms for dealing with ransomware incidents. We recommend reviewing the agency's recent alert, as well as its 2014 guidance,
Based on a recent review of 75 registrants, the OCIE recommends that firms perform a cyberrisk assessment, conduct penetration and vulnerability tests, and ensure software maintenance including adequate software patches.
The OCIE staff also stressed the importance of developing a “rapid response capability” after it found widespread deficiencies among advisors during its review: 57% did not conduct penetration and vulnerability testing and 26% did not conduct periodic risk assessments of critical systems.
Cybersecurity has become one of the most significant compliance issues facing investment management firms. CCOs and their bosses must take action to address outside threats.
In 2016, the SEC brought a record 868 cases, including 173 against broker-dealers and advisers and 159 against investment companies.May 16