Securities regulators in Massachusetts and Illinois are surveying state-registered investment advisers to determine their cybersecurity readiness.
“We're most concerned about the privacy and protection of financial information that the brokers have on their customers,” said Tanya Solov, director at the Illinois Securities Department.
The survey covers the policies and procedures firms have regarding cybersecurity, including types of authentication and hardware, encryption software, electronic backup, arrangements with third party providers, as well as costs and insurance coverage.
“Many of the RIAs are smaller and we want to get their input to see what exactly they feel they have and what they might need,” said William Galvin, secretary of the Commonwealth of Massachusetts. “We want to see what kind of protections are in place and if additional protections are needed, we want to prescribe what they should be.”
In March, the Securities and Exchange Commission convened a forum to help it better assess cybersecurity and discuss ways to protect investors and firms. Participants in a round-table discussion at the forum said investment advisers are experiencing increasing numbers of online attacks.
In April, the SEC issued a risk alert, outlining potential areas it will assess in the area of cybersecurity when it conducts adviser examinations.
“I certainly paid attention to what the SEC is doing. It's an issue that we're concerned about,” said Ms. Solov. “We're going to compile the surveys and look at the information we received. We do expect some guidance to advisers, potentially formal regulations. If necessary, we also expect to conduct on-site examinations.”
Both Massachusetts and Illinois have set June 24 as the deadline for survey responses.