By Dominic Litz
What do you say when you forget to invite that one friend out for drinks for the second week in a row? Oops, I did it again! That is what some companies like Yahoo are saying to customers after recent cyber-attacks have compromised billions of customers’ information over the past few years. These breaches have led investment firms searching for ways to bolster their cybersecurity plans beyond their standard errors and omissions (“E&O”) policies, and say ‘bye bye bye’ to cyber-attacks. Financial regulating agencies such as the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority Inc. (“FINRA”) have begun to fine firms and bring enforcement cases for failing to provide adequate cybersecurity policies.
It has been reported that nearly 30% of financial advisory firms have cyber coverage along with their standard E&O policies. This recent increase in separate cybersecurity policies has been weighed against the risk of system attacks and, as Biondo Investment Advisors’ has calculated, the cost of $5,100 per year is worth the cost. Furthermore, compared to standard E&O coverage, cyber insurance policies would cover a firm’s lost “funds if they were wrongfully taken through an email transfer fraud, but not client funds stolen in such a scheme.” As one cyber security attorney stated, “[a]ll financial advisers, regardless of their size, should investigate having some type of data security or privacy insurance in place.” Liz Skinner, Is Cyber Insurance Worth the Cost, InvestmentNews.com, (Jan. 15, 2017) archived at https://perma.cc/S33T-K3BM. This advice would seem to be common sense when dealing with large sums of money and client’s personal data information.
With an increase in cyber-attacks, it is no surprise the regulating agencies are cracking down on investment firms. Recently, FINRA fined firms totaling $14.4 million for breaches of client’s electronic documents. As a client, this is both unsettling and comforting; one because normally, as a client you have no control over a breach to your investment firm. However, it shows that the regulating agencies are looking to protect client’s and are willing to punish investment firms for not doing everything they can to protect their client’s information and investments. Regardless of what cyber policies an investment firm has in place, as one chief information security officer has put it, “[y]ou can have the best practices in place and adopt the best possible solutions, but nothing is foolproof.” Liz Skinner, Is Cyber Insurance Worth the Cost, InvestmentNews.com, (Jan. 15, 2017) archived at https://perma.cc/S33T-K3BM.
Cybersecurity is just one more addition to the continuously tightening requirements investment firms are going to need to implement to comply with regulating agencies. Recently the Department of Labor (“DOL”) passed a new rule in which requires more strict disclosure and documentation rules for advisers. While cybersecurity or insurance is not a regulatory requirement yet, the fines and actions being brought against investment advisers may be enough of a deterrent making it become more standard across the industry. If the SEC and FINRA, along with other regulating agencies, continue to monitor cybersecurity there will likely be a spike in litigation dealing with cases such as invasion of privacy or violation of specific state statutes.
Inevitably, technology has and will continue to become a bigger part of everyday life including how we interact with investment advisers and allocate our assets. Unfortunately, many people are unaware of the actual risks that are out there until they hear of a story such as Yahoo where billions of accounts and information were hacked. Thankfully the regulating agencies who can oversee investment advisers and firms on a large scale are working to protect against cyberattacks both internal and third party. Hopefully, these regulating agencies will make cyber insurance a requirement so that the firms as well as investors feel more confident and safe when utilizing investment firms to grow their wealth.
News Article Link:
http://www.investmentnews.com/article/20170115/FREE/170119958/is-cyber-insurance-worth-the-cost
Bio: Dominic is a staff member of Journal of High Technology Law. He is currently a 2L and received a B.S. in Finance from Loyola University of Maryland.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.