The SEC says many financial advice firms are falling short when it comes to cybersecurity, with investment advice firms being less prepared than broker-dealers, Reuters writes.
As part of its second stage of cybersecurity exams initiated in 2014, the SEC analyzed 75 firms and found that 26% of the companies don’t conduct risk assessments on a continuous basis and 57% of the firms fail to carry out vulnerability and penetration tests with simulated attacks on critical systems, according to the newswire.
Skipping such procedures exposes financial advice firms and their clients to cyberthreats such as the WannaCry ransomware attack earlier this year that hit networks in more than 100 countries, Reuters writes.
The SEC has concluded that investment advice firms have had more issues with cybersecurity than broker-dealers, according to the newswire. On the other hand, the SEC learned that almost all investment advisors practiced regular system maintenance as part of their cybersecurity process, namely by consistently installing security patches, Reuters writes.
Only 4% of the companies examined were missing essential patches or updates, according to the newswire.