Thirty-two percent of broker-dealers polled in a just-released cybersecurity survey experienced a cybersecurity incident in 2013 or 2014, with a large portion of them (86%) also stating they carry cyber-insurance and have policies covering costs related to cyber-incidents attributable to vendors.
The law firm Sutherland Asbill & Brennan and the Financial Services Institute surveyed 39 FSI broker-dealer members on their use and protection of mobile devices, cybersecurity governance, technical safeguards, customer authentication as well as their vendor management.
Brian Rubin, a partner at Sutherland in Washington, noted that the SEC, by contrast, found that 88% of broker-dealers and 74% of investment advisors experienced a cybersecurity incident during the same 2013 to 2014 time period.
Rubin says the lower number of cyber incidents among FSI BD members may suggest they are "not major targets for cyberattacks" or that "some firms have been the subject of benign incidents but haven't realized it yet."
As media reports have noted, even big companies that spend millions of dollars on cybersecurity "have gone months before learning about incidents," Rubin notes.
The survey of 39 BDs (92% of which were dually registered as BDs and investment advisors and ranged in size from fewer than 100 registered reps to more than 2,000) found that 88% of the firms utilize email encryption, while 88% of them automatically update their antivirus software.