Hot Button Cybersecurity Issues 2018

Hot Button Cybersecurity Issues 2018

By: Cliff Neve, COO & Managing Partner, MAD Security and Ellen McCarthy, Managing Director and Chief Compliance & Risk Officer, VMS, LLC. This article highlights the criticality of effective cybersecurity programs in light of recent incidents and regulatory scrutiny by such entities as the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and the New York State Department of Financial Services (NYDFS), among others. In a very recent incident, between August 21, 2018 and September 5, 2018, a data breach occurred at British Airways. Cybercriminal hackers were able to gain access to British Airways systems, stealing names, email addresses, and credit card information (including credit card numbers, expiration dates, and card verification codes) relating to approximately 380,000 transactions in which British airways customers made or changed bookings on the British Airways website. To combat such cybersecurity incidents, the SEC, FINRA, the NYDFS, and other regulators have undertaken the challenge of evaluating the readiness of regulated entities such as investment advisors, investment companies, broker-dealers, banks, insurance companies, trust companies, and transfer agents to prevent cyberattacks and mitigate cyber risk. The regulators have issued guidelines designed to help transfer agents and other companies guard against attack, mitigate financial and reputational risk, and avoid enforcement action and regulatory fines. For the last several years, the SEC and FINRA have included cybersecurity among their top five examination priorities. Further, the NYDFS enacted 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies, noting specifically: “Given the seriousness of the issue and the risk to all regulated entities, certain regulatory minimum standards...