NASAA President and Minnesota Commissioner of Commerce Mike Rothman
June 23, 2017
Washington, D.C.

Good morning everyone and welcome to the North American Securities Administrators Association’s Cybersecurity Roundtable.

Welcome to both those with us here in the room today and the nearly 500 people taking part in our virtual roundtable across North America.

On behalf of NASAA, I want to express our sincere appreciation for your participation in this important event.

As we start today’s event, I would like to thank our NASAA staff for preparing today’s Roundtable. Without your dedicated work we would not be able to plan and pull off this important event.

As you can see in your materials (which are also available online), we have an ambitious agenda for today’s event with presentations from top experts on the Cybersecurity landscape and how to address Cybersecurity challenges.

Cybersecurity is a top priority for NASAA and its members — the state, provincial and territorial securities regulators in the United States, Canada and Mexico.

I am working with my fellow securities commissioners throughout North America, as well as with other financial regulators, to identify specific threats and develop strategies to protect our financial infrastructure.

NASAA also continues to work on this vital issue as a member of the Treasury Department’s Financial and Banking Information Infrastructure Committee (known as FBIIC).

Shortly after becoming NASAA’s president last fall, we began plans to bring together leading experts in an open forum to help build our informational arsenal in the fight against cyberattacks, which have become one of the greatest threats globally to our financial sector.

Cybersecurity is a growing challenge for the securities industry and for securities regulators at all levels.

No securities firm or investment adviser of any size can afford the loss in client trust – much less financial losses – that will result from a serious cybersecurity failure. And no investor should have his or her personal information compromised.

Cyberattacks have become increasingly sophisticated and widespread, as we saw most recently with last month’s massive “WannaCry” ransomware cyberattack that crippled computer networks around the world.

The statistics help map the battleground that we face. In 2016 alone, the number of U.S. data breaches reached an all-time record high of 1,093, according to the Identity Theft Resource Center. That’s an increase of 40 percent over the 780 breaches reported in 2015.

Criminal data breaches will cost businesses a total of $8 trillion over the next 5 years, predicts a new report from Juniper Research. This report also forecasts that the number of personal data records stolen by cybercriminals will reach 2.8 billion this year and 5 billion in 2020.

Another study, by specialist insurer Hiscox, found more than half of businesses surveyed in the United States, the United Kingdom and Germany were ill-prepared to deal with cyberattacks. Larger U.S. firms were targeted more often than others, with 72 percent experiencing a cyberattack in the last 12 months.

The study also found that the financial impact of cyberattacks was felt the greatest by smaller firms, which, surprisingly also appeared to be more complacent than larger firms in their response to these attacks. Nearly one-third of smaller victims of cyberattacks indicated they planned no changes to their security measures.

These threats to the public mean that, as regulators, we must be vigilant. We need to closely monitor developments to promote best practices in the industry.

It is important that securities firms and professionals have the tools and information they need for cybersecurity. It is also essential to have the proper regulatory expectations and guidance in place for the securities industry.

Three years ago, NASAA conducted a survey of small and mid-sized registered investment adviser firms in nine states. Based on the survey results, NASAA developed a cybersecurity module for its coordinated examination program for use by members. This tool is being used as part of NASAA’s current investment adviser coordinated examinations to seek information about firm cybersecurity practices and procedures. This information will help inform our consideration of a possible model cybersecurity rule for investment advisers. You’ll hear a bit more about both during our first panel discussion.

NASAA also has worked with its members to develop resources for firms, and we established cybersecurity committees to strengthen our efforts. We also have enhanced our collaboration with other federal and state regulators. It is time for us to take another, closer look at the current state of preparedness and at what kind of support NASAA can provide.

There’s no question that cyberattacks are going to increase. As we go forward, we all have to focus on three basic areas: prevention, mitigation and, if you do happen to get hit, recovery.

As you can see from our program materials, NASAA believes cybersecurity, like many of the issues we face, requires a collaborative approach involving industry and regulators. We are also looking at new ways to provide resources for regulators and industry members to address cybersecurity issues, and we will continue to work collaboratively, so that we are all better prepared against cyberattacks.

This morning, you will have a unique opportunity to learn more about the nature of current cybersecurity threats from our first speaker, Supervisory Special Agent Jonathan L. Dean, for the FBI’s Cyber Division.

We also have the honor to have with us Matthew Solomon from the U.S. Treasury Department to share his insights on cybersecurity challenges in the financial sector.

During today’s Roundtable, you will hear about the state of cybersecurity and the financial services industry, as well as critical information about ways industry members can safeguard their systems and their clients from cyberattacks. You will hear how firms are working to counter cyber threats. And, you will get practical information on how small- and mid-sized investment adviser and broker-dealer firms can help protect critical client information from cybercriminals.

I want to thank each of our speakers for sharing your expertise and insight with us today. I know this Roundtable will help strengthen our efforts to protect firms and investors from cyber-incidents.

A special thank you goes to today’s panel moderators, my colleagues Joe Borg of Alabama, Andrea Seidt of Ohio, and Valerie Mirko of NASAA.

To our audience, both here and online, thank you again for joining us.

Now, to introduce our first speaker, I will turn the program back over to Mike Canning, NASAA’s Director of Policy, who has worked hard to lead NASAA team to put together today’s Roundtable.

Thank you.