In the technology industry, one metaphor that comes up repeatedly is the idea of the ecosystem — the notion that no technology firm or solution exists in a vacuum, but that they are all connected, benefiting from the experience, innovation and brainpower of their peers, vendors and clients, even as various parts of the system compete against each other. The ecosystem works together to address new opportunities, develop better solutions and identify new threats.
This idea is becoming more and more important in the financial services world as well.
We all have heard the news recently about major corporations and government agencies that were victimized by determined and sophisticated hackers despite impressive security measures and budgets established to deter such threats. It should be obvious by now that no single company in our industry, acting on its own, is going to be successful in warding off cyberattacks and protecting clients' sensitive information without the input and combined vigilance of the entire network of advisers, broker-dealers, clearing firms, product sponsors and others in the financial services ecosystem.
(More: Identity theft hits home)
In my InvestmentNews blog last month, I mentioned some of the activities and resources the Financial Services Institute is bringing to bear to address this serious challenge as part of our first Cybersecurity Awareness Month, which is currently underway.
The first was a comprehensive survey we conducted with Sutherland Asbill & Brennan. The survey queried several aspects of our members' cybersecurity governance, including their vendor management, technical safeguards, cyber policies and procedures.
In addition, FSI is providing access to webinars and white papers from several of our sponsors, and our Cybersecurity Task Force is working diligently with our members to understand the issues they are confronting in the data security arena and facilitate discussions on how to address them.
RAPIDLY EVOLVING ISSUES
Many of the questions our task force and sponsors have encountered so far deal with rapidly evolving issues that no individual firm would be able to keep up with over the long term, such as:
• What threats might arise from outsourcing a particular component of a firm's back-office processing?
• What is the optimal structure for a cybersecurity insurance policy, and how will it vary from firm to firm?
• How can firms ensure that their security standards are being applied across the full range of mobile devices that may have access to their network?
• What are the current best practices for conducting due diligence on a third-party vendor's data security measures or on the cybersecurity features of a specific product?
• How can firms demonstrate that they have made a good-faith effort to protect their clients' data given the rapidly changing cybersecurity environment?
• And — maybe most importantly — where should firms be investing their data security budget right now?
Even for advisers and firms who have a solid handle on these questions, the sobering fact is that the answers could change next week.
As the cybersecurity landscape evolves, the roles of the Financial Industry Regulatory Authority Inc., the Securities and Exchange Commission and other regulators in helping to protect clients' critical personal and financial information are evolving as well.
Going forward, members of our industry will need to be aware not only of the wide range of potential threats to their networks and systems, but of changing guidelines regarding data collection, storage and retention. Standards for risk assessment, technical controls, incident response planning, vendor management and many other disciplines will continue to become more stringent and more complex.
Just as advisers tell their clients not to succumb to “analysis paralysis,” though, financial services firms cannot afford to sit on the sidelines or to wait for a hacker-proof data security solution. The more effective response — both for individual firms and their clients — is to recognize that each member of our industry is in this together.
As cybersecurity issues continue to become more complex, the best solution will be more robust and more frequent communication between advisers, firms and all the various components of our industry. Our industry's ability to respond to the challenge of data security will hinge on its success in coming together to continuously learn and identify solutions.
Yes, hackers and data thieves are evolving and becoming more aggressive all the time. By working together, however, we can ensure that the financial services ecosystem continues to grow, adapt and become stronger as well.
Dale Brown is president and chief executive of the Financial Services Institute Inc.