Cyber breaches rare among U.S. state-registered investment advisers -study

Reuters
Updated
A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. REUTERS/Mal Langsdon

By Suzanne Barlyn

(Reuters) - Cyber security breaches are rare among investment advisory firms registered with U.S. states, but improvements to technology and procedures could still bolster protection of client information, state securities regulators said on Wednesday.

Just 4 percent of advisers reported having a "cyber security incident" during the years in which they have been registered in their respective states, according to a study by the North American Securities Administrators Association (NASAA). The incidents were as diverse as website breaches and hackers impersonating clients via email.

Theft and unauthorized use of confidential data were problems for 1 percent of advisers, NASAA said.

The study did find problems, however. For example, nearly a third of advisers that contact clients via email do not send messages through a secure system that prevents them from being read by hackers and other third parties. Also, fewer than half of the firms surveyed, or 44 percent, had policies, procedures and training in place related to cyber security.

State-registered investment advisers account for more than half of the registered investment advisers in the United States, NASAA said. The group released the cyber-security study on Wednesday, ahead of its annual conference next week in Indianapolis.

Financial services firms have been jittery about information security after several high-profile data breaches at major retailers, including Target Corp and Home Depot Inc. JPMorgan Chase & Co is also investigating a possible cyber attack, a spokeswoman said on Aug. 29.

NASAA's study included 440 state-registered investment advisory firms in nine states. U.S. state securities regulators oversee small and mid-sized investment advisers who manage up to $100 million. Larger investment advisers register with the U.S. Securities and Exchange Commission.

Other states are now using NASAA's pilot study to collect information from advisers in their jurisdictions. NASAA plans to develop guidance for advisers about cyber security practices based on the results, Valerie Mirko, NASAA deputy general counsel, said in a telephone interview. NASAA expects the additional results by yearend, Mirko said.

(This story has been corrected to show in the fifth paragraph that the study was not released at the annual conference, which is next week)


(Editing by Peter Galloway)

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories