Just days after the North American Securities Administrators Association convened its Cybersecurity Roundtable in late June, news headlines reminded us that cyberattacks are among our greatest global threats. The Petya ransomware attack, following closely on the heels of the similar WannaCry attack, focused renewed attention on the growing cybersecurity challenges facing government, industry and the public.
No investment advisor or securities firm of any size can afford the loss in client trust — much less financial losses — that will result from a serious cybersecurity failure. And no investor should have his or her personal information compromised.
Cybersecurity is a top priority for NASAA and its members — the state, provincial and territorial securities regulators in the United States, Canada and Mexico. I continue to work with my fellow securities commissioners throughout North America, as well as with other financial regulators, to identify specific threats and develop strategies to protect our financial infrastructure. NASAA also continues to work on this vital issue as a member of the Treasury Department’s Financial and Banking Information Infrastructure Committee.
NASAA’s June 23 roundtable brought together leading cybersecurity experts to assess current cyber threats to the financial services industry, how industry is responding to the threats, and regulatory efforts underway to help small and midsize investment advisor and broker-dealer firms protect critical client information from cybercriminals.
Statistics help map the battleground that we face. In 2016 alone, the number of U.S. data breaches reached an all-time high of 1,093, according to the Identity Theft Resource Center. That’s an increase of 40% over the 780 breaches reported in 2015.
Criminal data breaches will cost businesses a total of $8 trillion over the next 5 years, predicts a new report from Juniper Research. This report also forecasts that the number of personal data records stolen by cybercriminals will reach 2.8 billion this year and 5 billion in 2020.
Another study, by the specialist insurer Hiscox, found more than half of businesses surveyed in the United States, the United Kingdom and Germany were ill-prepared to deal with cyberattacks. Larger U.S. firms were targeted more often than others, with 72% experiencing a cyberattack in the last 12 months.