Cyber security is a growing concern for investors and brokerage firms. In response to this problem, the Securities and Exchange Commission has issued two reports aimed at educating investors on ways they can protect their investments. SEC Chair, Mary Jo White observes that “Cyber security knows no boundaries. That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”
The first of the two reports, titled “A Risk Alert from the SEC’s Office of Compliance Inspections and Examinations (OCIE),” examines observations from over 100 broker dealers and investment advisers. The goal of this study was to identify specific cyber security risk, examine the policies, procedures and processes being used to protect client information and ways to detect unauthorized activity. OCIE Director, Andrew Bowden states, “Our examination assessed a cross-section of the industry as a way to inform the Commission on the current state of cyber security preparedness.” The hope is that by making this information accessible to investors and industry professionals they will be better equipped to protect their online accounts.
The second publication, issued by the SEC’s Office of Investor Education and Advocacy (OIEA), offers several tips investors can use to safeguard their online investments. OIEA Director Lori J. Schock says, “As investors increasingly use web-based investment accounts, it is critical that they take steps to safeguard those accounts.” The three most important steps investors can take are:
- Pick a “strong” password
- Use two-step verification
- Exercise caution when using public networks and wireless connections
In addition, investors and brokerage firms are urged to purchase cyber security insurance. This type of insurance helps mitigate losses from cyber incidents such as data breaches, business interruption and networking damage. Unfortunately, many companies either do not take the risk of cyber attack seriously or mistakenly believe that the costs of this coverage outweighs its benefits. These reports reiterate that data is just as valuable as many physical assets and must be protected.