Financial firms urged to take cyber security more seriously
Financial firms must start taking cyber security more seriously, as it is something the UK regulator is likely to get tough on, Financial Technology Research Centre founder and director Ian McKenna has warned.
According to a report in Money Marketing Magazine the US regulator the Securities and Exchange Commission (SEC) has become increasingly strict with firms which allow cyber security breaches. It announced last month that it had sanctioned eight firms in three actions for failures in their cybersecurity policies and procedures. The failures had resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.
McKenna said it is a matter of “when, not if,” the Financial Conduct Authority gets tough on this. “While some firms are clearly changing their practices, we still see activity regularly where firms simply are not taking cyber security sufficiently seriously,” he said.
“This is an area where networks and support groups can add a lot of value to help smaller firms implement the right procedures," he added.
The eight firms which have agreed to settle the charges in the US are: Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors, Cetera Investment Advisers, Cambridge Investment Research, Cambridge Investment Research, and KMS Financial Services. All were commission-registered as broker dealers, investment advisory firms, or both.
“Investment advisers and broker dealers must fulfil their obligations concerning the protection of customer information,” said Kristina Littman, chief of the SEC enforcement division’s cyber unit.
“It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks," she added.