The Division has identified the cybersecurity of registered investment companies (“funds”) and registered investment advisers (“advisers”) as an important issue. Both funds and advisers increasingly use technology to conduct their business activities and need to protect confidential and sensitive information related to these activities from third parties, including information concerning fund investors and advisory clients. This guidance update highlights the importance of the issue and discusses a number of measures that funds and advisers may wish to consider when addressing cybersecurity risks. Because of the rapidly changing nature of cyber threats, the Division will continue to focus on cybersecurity and monitor events in this area.

Cyber-attacks on a wide range of financial services firms highlight the need for firms to review their cybersecurity measures. Discussions concerning cybersecurity with fund boards and senior management at advisers during the course of the Division’s senior level engagement and monitoring efforts also stressed this need, as did input from the Office of Compliance Inspections and Examinations’ review of adviser cybersecurity practices.

In addition, the Cybersecurity Roundtable hosted by the Commission last spring highlighted the importance of cybersecurity and the issues and challenges it raises for the financial services sector.
In the staff’s view, there are a number of measures that funds and advisers may wish to consider in addressing cybersecurity risk, including the following, to the extent they are relevant:

Eoin Treacy's view

The fact that the financial advisor sector is susceptible to cyber criminals is a further iteration of the trend where any company that holds potentially privileged information with regard to their clients is under threat. At FullerTreacyMoney we do not hold credit card details on file which removes the potential for hacking. Additionally we use the most up to date technology available to secure our database. As a web-based business we regard this as the equivalent of investing in a safe and alarm system for a jewellery store. I suspect that the majority of companies making financial consulting services available to customers do not have the same protections. This continues to represent a growth sector for security firms. 

The Profunds Cyber Security ETF (HACK) found support today in the region of $28.50 and a sustained move below that level would be required to question medium-term scope for additional higher to lateral ranging.