Investment Advisers Report Few Security Breaches

Download: NASAA Cybersecurity Report

WASHINGTON, DC (September 10, 2014) – The North American Securities Administrators Association (NASAA) today released results of a pilot project designed to better understand the cybersecurity practices of state-registered investment advisers, which account for more than half of the registered investment advisers conducting business in the United States.

“State securities regulators are very concerned by cybersecurity issues, and are focused on understanding how these issues affect their registrants, the small and mid-sized investment advisers,” said Andrea Seidt, NASAA President and Ohio Securities Commissioner.

The survey, conducted in July 2014, found 4.1 percent of responding firms indicating they had experienced a cybersecurity incident and even fewer, 1.1 percent, indicating they had experienced theft, loss, unauthorized exposure, or unauthorized use of or access to confidential information.

The survey also found that 62 percent of firms have undergone a cybersecurity risk assessment and 77 percent have policies and procedures related to technology or cybersecurity.

“While the relatively low rate in cybersecurity incidents identified in the pilot survey are encouraging, state securities regulators are aware of the increase in cyber-attacks in the financial services industry, and the importance and associated difficulties of securely maintaining private data,” Seidt said.

The pilot project surveyed 440 registered investment advisers with assets under management of less than $100 million. Investment advisers from 9 states participated in the pilot survey. Additional jurisdictions are planning to survey registered investment advisers in their jurisdictions, Seidt said.

“As NASAA’s study of cybersecurity practices of state-registered investment advisers continues, we expect to begin working toward recommended practices and engaging in additional conversation with industry,” Seidt said.

NASAA’s pilot project was designed to help regulators better understand the technology and data practices of state-registered investment advisers; how these advisers communicate with clients; and what types of policies and procedures these advisers currently maintain. The pilot project also focused on specific uses of technology and websites, with a goal of understanding the safeguards used by state-registered investment advisers to protect client information; to inform state examination programs; and to identify national cybersecurity trends relevant to state-registered investment advisers.

A compilation of the survey results is available on the NASAA website at

For More Information:
Bob Webster | Director of Communications

Skip to content