Following regulators’ warning that cybersecurity is becoming a focus area, registered investment advisers once again named digital privacy, identity theft and hackers as the hottest compliance topic in 2015.
A strong majority (88 percent) of respondents to an ACA Compliance Group survey named cybersecurity as their top concern, up from 75 percent a year ago.
Roughly 500 registered advisers, roughly half of whom advise private funds, responded to the survey, placing cybersecurity ahead of other compliance concerns such as custody (identified by 18 percent), advertising/marketing (23 percent), fraud prevention (13 percent), disaster recovery (17 percent) and FATCA (12 percent).
Despite cybersecurity being front of mind for compliance professionals, there has been a divergence of strategies to manage the risk. Two out of five respondents reported having a formal, written, standalone cybersecurity program, while another 42 percent have formal cybersecurity policies and procedures that are incorporated into broader programs. About one in ten respondents said they have informal, unwritten cybersecurity policies and procedures.
The Securities and Exchange Commission has been urging GPs to regularly review their IT systems ahead of an expected cybersecurity sweep this summer. In April, the agency released new cybersecurity guidance for registered entities, including specific suggestions on how to implement and manage a cybersecurity program.
Other highlights from the survey include:
• One in three advisers annually review their key vendors’ cybersecurity readiness, while 40 percent have no formal vendor management review policy at all;
• Only two percent of respondents said they had suffered a “material” cybersecurity breach in the last 18 months;
• 17 percent of advisers have purchased cybersecurity insurance; 70 percent haven’t ever considered purchasing it; and 14 percent said they’re shopping for it but haven’t reached a decision.