SEC alerts advisers on WannaCry ransomware cyberattacks

Regulator stresses vulnerability testing and timely system upgrades.
MAY 17, 2017

The Securities and Exchange Commission staff issued a cybersecurity alert to broker-dealers, advisers and investment funds Wednesday in the wake of the pervasive ransomware cyberattack over the past five days known as "WannaCry." The alert from the Office of Compliance Inspections and Examinations emphasized the importance of firms conducting penetration tests and vulnerability scans on critical systems and stressed the necessity of upgrading systems on a timely basis. The ransomware attack that was unleashed last week was especially damaging because it had a mechanism to spread through networks, looking to infect other computers that hadn't been updated to stop the worm. The regulator said it doesn't expect firms to anticipate and prevent every cyberstrike, but it highlighted the importance of thinking about these issues in advance of an incident. (More: Cyberattack should prompt advisers to ask their IT professionals hard questions) "Appropriate planning to address cybersecurity issues, including developing a rapid response capability, is important and may assist firms in mitigating the impact of any such attacks and any related effects on investors and clients," the alert said. WannaCry infects computers with malicious software that encrypts users' files and demands payment to regain access to the data. The ransomware attack hit more than 200,000 computers in 150 countries in recent days. (More: Online security ETFs surge in face of cyberattacks) The SEC staff alert said a recent OCIE examination of 75 firms found that 5% of broker-dealers and 26% of advisers and investment funds did not conduct periodic risk assessments of critical systems to uncover vulnerabilities, potential business consequences and other cybersecurity threats. The alert also recommended firms review the U.S. Department of Homeland Security's Computer Emergency Readiness Team's warning about cybersecurity actions firms might want to consider in reaction to the latest ransomware incident.

Latest News

The 2025 InvestmentNews Awards Excellence Awardees revealed
The 2025 InvestmentNews Awards Excellence Awardees revealed

From outstanding individuals to innovative organizations, find out who made the final shortlist for top honors at the IN awards, now in its second year.

Top RIA Cresset warns of 'inevitable' recession amid tariff uncertainty
Top RIA Cresset warns of 'inevitable' recession amid tariff uncertainty

Cresset's Susie Cranston is expecting an economic recession, but says her $65 billion RIA sees "great opportunity" to keep investing in a down market.

Edward Jones joins the crowd to sell more alternative investments
Edward Jones joins the crowd to sell more alternative investments

“There’s a big pull to alternative investments right now because of volatility of the stock market,” Kevin Gannon, CEO of Robert A. Stanger & Co., said.

Record RIA M&A activity marks strong start to 2025
Record RIA M&A activity marks strong start to 2025

Sellers shift focus: It's not about succession anymore.

IB+ Data Hub offers strategic edge for U.S. wealth advisors and RIAs advising business clients
IB+ Data Hub offers strategic edge for U.S. wealth advisors and RIAs advising business clients

Platform being adopted by independent-minded advisors who see insurance as a core pillar of their business.

SPONSORED Compliance in real time: Technology's expanding role in RIA oversight

RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.

SPONSORED Advisory firms confront crossroads amid historic wealth transfer

As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.