The SEC's Office of Compliance Inspections and Examinations (OCIE) issued a risk alert on Feb. 3 detailing the results of its "Cyber Security Examination Sweep." As part of OCIE's Cyber Security Examination Initiative, adopted last year, OCIE staffers conducted sweeping examinations of a small sampling of SEC-registered financial services – specifically, 57 broker-dealers (representing fewer than 2% of all SEC-registered broker-dealers) and 49 investment advisers (representing fewer than 1% percent of all SEC-registered investment advisers). These examinations took place in 2013 and 2014.
In addition to collecting information on each firm's cyber security risk and governance, OCIE staff surveyed key employees on their respective firms' cyber security history and practices. The purpose of the Sweep, in part, appears to have been to establish an informational baseline for the US financial services industry – while signaling to private and public sector alike just how much work is left to be done. The results of the Sweep were decidedly mixed. There is plenty of cyber security awareness, education, and improvement needed in the financial services sector. Still, the results are not all bad; the findings show that there may be hope for the industry yet.
On the following pages, we break down the best of the good news, and the worst of the bad news, from the OCIE's examination.
Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ... View Full Bio