Increasing regulatory scrutiny of cybersecurity measures is unsurprising in light of the growing prevalence and awareness of cyber threats in the United States. From Target to Sony, recent high-profile data breaches have illustrated the potentially severe consequences of a cyber-event and the diversity in the types of attackers (e.g., hacktivists, advanced persistent threats, and criminal rings), motivations (e.g., political activism, theft of trade secrets and other information that can be monetized), and techniques (e.g., spear-phishing, zero-day exploits, and malware) that give rise to cyber-attacks...

The omnipresent risk that companies face is likely part of what motivated President Obama to identify cybersecurity as a leading threat to national security. As business and digital technology become increasingly integrated, cybercrime, political crime and financial crime merge. Nearly every transaction of substance in the modern economy is conducted in whole or in part online, and registered broker-dealers and investment advisors are in a unique position of vulnerability. Not only do they maintain financial information valuable to opportunistic criminals, but they play a critical role in national and global markets that, if undermined, could result in severe consequences. As a result, an effective approach to cybersecurity concerns is particularly important for companies in the securities industry. This article provides an overview of the regulatory backdrop for cybersecurity in the securities industry, and then provides information about how such companies can carefully assess their cyber-risk profile, their appetite for risk, their security measures, and their mechanisms (if any) for transferring the costs of potential cyber events.

Published in Practical Compliance & Risk Management for the Securities Industry.