Small advisers struggle with cybersecurity demands of regulators

Many state-registered investment advisers think they are too small to be on criminals' radar

Cybersecurity remains a top concern of registered investment advisers, but smaller firms are struggling to keep up.

State securities regulators are concerned about a growing number of deficiencies related to cybersecurity at state-registered investment advisers, firms with no more than $100 million in assets under management. In the first half of 2019, state regulators found cybersecurity deficiencies in 26% of their examinations, up from 23% during the last series of coordinated examinations in 2017, according to a report from the North American Securities Administrators Association.

The most common problems were a lack of vulnerability testing, insufficient procedures around securing devices and internet connectivity, weak passwords and having no, or inadequate, cybersecurity insurance. MORE