Bad News: No Liability Plans
It's nice that broker-dealers and investment advisers have policies and procedures in place for prevention of – and in some cases recovery from – a data compromise. But the vast majority of those examined by the OCIE have failed to consider a fundamental aspect to the cyber-attack post-mortem: Figuring out who is going to pay for it.
Just over half of the examined broker-dealers (58%) – and a mere 21% of the examined investment advisers – maintain a cyber insurance policy. And cyber insurance is but the beginning when it comes to good cyber liability planning.
Further, 70% of broker-dealers and 87% of investment advisers have no written provisions whatsoever for how to determine their own liability for client losses. Only a tiny percentage of the organizations examined (15% of broker-dealers, 9% of investment advisers) offer their clients any security guarantees against cyber losses whatsoever.
(Image Source: Geralt via Pixabay)