Cybersecurity For Brokers: 'Only The Paranoid Survive'


Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY

Law360, New York (July 2, 2015, 10:32 AM ET) -- Duuun dun, duuun dun, dun, dun, dun, dun, dun, dun, BOM, BOM, dun, dun, dun, dun, dun, dun, doo dedoo, doo dedoo, dede doo, dede doo, dede doo[1]

Just when you thought it was safe to go back in the water and have a quiet summer, U.S. Securities and Exchange Commission Commissioner Luis Aguilar hoisted the warning flags. At the end of June, he gave a wide-ranging speech addressing a number of cyber-related problems facing the securities industry.[2] Aguilar touched on cyberissues relevant to many key players, from issuers to exchanges, but his speech was particularly noteworthy for securities firms trying to stay afloat in the (cyber) shark-infested waters of today's technology-driven world.[3]

His speech is the first by a commissioner to address in detail the results of the SEC's 2014 cybersecurity sweep exam of broker-dealers (BDs) and investment advisers (IAs), and it is also the first to discuss cyber-related enforcement actions by the SEC. Securities firms would do well to take notice (and take all other necessary precautions including, but not limited to, battening down the hatches).

"This was No Boat Accident"[4]: Results of the SEC's 2014 Cybersecurity Exam

The SEC's 2014 cybersecurity sweep examined 57 BDs and 49 IAs on a number of cyber-related issues ranging from technical safeguards and cybergovernance to breach response.[5] The sweep's results, released in February 2015,[6] had some encouraging data; for example, 93 percent of BDs (although just 83 percent of IAs) reported having written information security policies.[7] Nonetheless, as Aguilar noted, the sweep's results revealed areas that needed improvement.[8] Among the troubled waters Aguilar identified were the following:

Firms' cybersecurity policies and procedures generally failed to specify how firms would determine responsibility for client losses stemming from a cyberattack.[9] The SEC's exam found that the policies and procedures of 30 percent of BDs and 13 percent of IAs contain these provisions.[10] Aguilar's decision to highlight this statistic may suggest that the SEC views this issue as a basic, best practice that all firms should address.

While most firms conduct periodic risk assessments of their own systems, fewer firms conducted [risk] assessments of their vendors' systems.[11] The SEC found that 84 percent of BDs and 32 percent of IAs conduct risk assessment of vendors that have access to their networks.[12] The stark difference between BDs and IAs suggests that Aguilar's criticism may have been aimed more at IAs, whose results in the SEC's sweep exam were generally not as positive as the results from BDs.[13] However, the fact that Aguilar highlighted vendors suggests that firms may want to consider how they handle the cyberpractices of their vendors. Particularly given that several high-profile breaches in recent years began with a vendor breach, it is not surprising that the SEC might focus on this issue. The Financial Industry Regulatory Authority has already brought an enforcement action for this issue. In February 2010, it sanctioned a firm for failing to establish policies and procedures that address and review administrative, technical, and physical safeguards for the protection of customer information involved in an arrangement by which a firm outsourced many of its compliance and operations functions to a nonaffiliated third party.[14]

[O]nly two-thirds of broker-dealers and only one-third of advisers have elected to designate a chief information security officer, while cybersecurity insurance is carried by just over half of broker-dealers, and by less than a quarter of advisers. Aguilar called these numbers disappointing because both practices are common-sense precautions that have been shown to decrease the costs associated with data breaches.[15] While having a dedicated chief information security officer (CISO) may not make sense for all firms (particularly smaller firms), having a cyber point person may help ensure that fewer cyberissues fall through the cracks. Like a CISO, cyberinsurance may not be appropriate for all firms. As FINRA has suggested, firms might want to assess whether existing insurance policies cover any aspects of cybersecurity events, as well as the cost of a new policy and the nature of coverage... a new or enhanced cyberinsurance policy [will] provide.[16] FINRA also found, however, that firms purchase cybercoverage to transfer potential unmitigated risk that a cyberattack poses; to obtain coverage for gaps in existing insurance policies; and to reduce the risk of potential impact to a firm's financial statement that a cyberattack might cause.[17]

"I Think He's Come Back For His Noon Feeding"[18]: Cybersecurity Enforcement Actions

According to Aguilar, the SEC has been proactively examining how it can bring more cybersecurity enforcement actions using its existing authority.[19] Although he did not cite any specific examples, he did reference a 2011 enforcement action as an example of a case in which a firm failed to protect [its] customers' confidential information.[20] Aguilar's decision to cite this case may suggest one issue that is being investigated by the SEC's enforcement staff during its current investigations into multiple data breaches.[21]

In the case cited by Aguilar,[22] a broker-dealer's chief compliance officer (CCO) was fined and censured after his firm experienced a series of data breaches. According to the CCO's settlement with the SEC, no single person or department directed or coordinated the firm's responses to the thefts. In addition, the firm's limited response or follow-up [to a series of breaches] repeatedly revealed the firm's policies and procedures for safeguarding customer information to be inadequate. Nonetheless, according to the SEC, the firm's CCO failed to update his firm's Regulation S-P policies and procedures to address the firm's known cyberdeficiencies. The SEC censured the CCO and fined him $15,000.

Aguilar's decision to highlight this case suggests that, setting aside the low-hanging fruit (or floating shark bait, if you prefer), such as firms using the word "password" as their password,[23] the SEC's future cyber-related enforcement actions will most likely involve firms that did not adequately respond to breaches or known cyberdeficiencies. The SEC has brought at least one similar case. In September 2008, the commission sanctioned a firm that was hacked at the time it had been considering implementing auditors' recommendations to strengthen its cybersecurity practices.[24] For this and several other cyber-related issues, the firm was censured and fined $275,000.[25] Likewise, in May 2015, FINRA fined a firm $225,000 for not encrypting its laptops until June 2014 (following the theft of a firm laptop), despite having recognized the need for encryption of laptops in 2009.[26]

"You're Gonna Need a Bigger Boat"[27]: Next Steps

Aguilar's primary recommendation for members of the securities industry was the prompt sharing of actionable information about threats and possible defenses. For example, Aguilar referenced organizations such as the Financial Services Information Sharing and Analysis Center (FS-ISAC),[28] which gathers and disseminates information about cyberthreats to industry members. FINRA's comprehensive Report on Cybersecurity Practices likewise noted that "[f]irms should use cyber threat intelligence to improve their ability to identify, detect and respond to cybersecurity threats."[29] In addition to the FS-ISAC, FINRA found that many firms have establish[ed] an in-house group or department responsible for handling threat intelligence, employed a security services provider for threat intelligence, relied on vendors, or used a combination of these approaches.[30] Lastly, the assistant director of the Federal Bureau of Investigation's Cyber Division recently suggested that members of the securities industry sign up to receive PIN, FLASH, and JAB alerts from the FBI, each of which provides a different type of notification discussing cyberthreats identified by the bureau.[31]

* * *

Just as "Jaws" kept coming back to the boat at the most inopportune times, a cyberattack can hit when you least expect it. (And unlike Jaws, a cyberattack will not be accompanied by ominous music to warn you that it's coming.) Although Aguilar's speech did not dive too deeply into cybersecurity for securities firms, it did highlight that firms must continually monitor how they protect themselves and their customers. As Aguilar observed, "[i]t's an old joke that only the paranoid survive. In the cybersecurity context, it might just be true."[32]

By Brian Rubin and Charlie Kruly, Sutherland Asbill & Brennan LLP

Brian Rubin is the partner in charge of litigation in Sutherland's Washington, D.C., office. He is a former deputy chief counsel of enforcement at the National Association Of Securities Dealers (now FINRA) and a former senior enforcement counsel at the SEC.

Charlie Kruly is an associate in the firm's Washington office.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

[1] See (video of the Jaws theme on a 10-hour loop).
[2] SEC Commissioner Luis A. Aguilar, A Threefold Cord Working Together to Meet the Pervasive Challenge of Cyber-Crime, SINET Innovation Summit, New York, New York (June 25, 2015), [hereinafter, Aguilar, A Threefold Cord]
[3] Id.
[4] Jaws (1975),
[5] See National Exam Program Risk Alert: OCIE Cybersecurity Initiative, at 3 (Apr. 15, 2014) [hereinafter SEC Cybersecurity Sweep],
[6] See National Exam Program Risk Alert: Cybersecurity Examination Sweep Summary (Feb. 3, 2015), [hereinafter SEC Sweep Results].
[7] Id. at 2.
[8] Aguilar, A Threefold Cord.
[9] Id.
[10] SEC Sweep Results at 2.
[11] Aguilar, A Threefold Cord.
[12] SEC Sweep Results at 2.
[13] For example, 82 percent of BDs' business continuity plans (BCPs) address cybersecurity, while only 51 percent of IAs' BCPs do so. Similarly, 93 percent of BDs conduct cyberrisk assessments, but only 79 percent of IAs do the same. Id.
[14] FINRA Letter of Acceptance, Waiver and Consent No at 4 (Feb. 10, 2010),
[15] SEC Sweep Results at 2.
[16] FINRA, Report on Cybersecurity Practices, at 37 (Feb. 2015),

[17] Id.
[18] Jaws.
[19] Aguilar, A Threefold Cord.
[20] Id.
[21] Id.
[22] Release No (Apr. 7, 2011),
[23] We're not making that up. See FINRA Letter of Acceptance, Waiver and Consent No , at 3, 7 (Apr. 28, 2009), firm for, among other things, employ[ing] the username of "Administrator" and the password "password" on a fax server that had been used to host a phishing scam).
[24] Release No , at 4-5 (Sept. 11, 2008), available at
[25] Id. at 7.
[26] FINRA Letter of Acceptance, Waiver and Consent No , at 2-3 (May 15, 2015),
[27] Jaws.
[28] See
[29] FINRA, Report on Cybersecurity Practices at 34.
[30] Id.
[31] FBI Makes Broker-dealers an Offer They Can't Refuse: Talk to Us About Cybersecurity, Sutherland Cybersecurity and Privacy Insights (June 3, 2015),
[32] Aguilar, A Threefold Cord.

All Content , Portfolio Media, Inc.


More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am 1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing

More information

Cybersecurity Issues for Community Banks

Cybersecurity Issues for Community Banks Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street

More information

How GCs And Boards Can Brace For The Cybersecurity Storm - Law360

How GCs And Boards Can Brace For The Cybersecurity Storm - Law360 Page 1 of 6 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com How GCs And Boards Can Brace For The Cybersecurity

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER December 9, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF

More information

San Francisco, California WEDNESDAY, NOVEMBER 12, 2014 (All times Pacific Standard Time)

San Francisco, California WEDNESDAY, NOVEMBER 12, 2014 (All times Pacific Standard Time) 9:00 am 9:05 am Welcome and Introduction Presented by Mark D. Perlow and Richard M. Phillips Mr. Phillips concentrates his practice in securities regulation, particularly SEC enforcement, investment management

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

REDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE

REDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE CYBER RISKS SECURITY BREACH CHECKLIST REDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE STEP 1 UNDERTAKE PRELIMINARY ASSESSMENT OF THE INCIDENT A serious data security breach is described

More information

Broker-Dealer Supervision of Variable Annuity Sales

Broker-Dealer Supervision of Variable Annuity Sales Broker-Dealer Supervision of Variable Annuity Sales Clifford Kirsch Sutherland Asbill & Brennan LLP 1114 Avenue of Americas-40 th Floor New York, NY 10036 (212) 389-5052 clifford.kirsch@sablaw.com 1 Relevant

More information

10 Important Aspects Of The CFTC Whistleblower Program

10 Important Aspects Of The CFTC Whistleblower Program Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com 10 Important Aspects Of The CFTC Whistleblower Program

More information

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes

More information

DOD Takes Data-Centric Approach To Contractor Cybersecurity

DOD Takes Data-Centric Approach To Contractor Cybersecurity Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DOD Takes Data-Centric Approach To Contractor Cybersecurity

More information

P: 202.383.0124 E: brian.rubin@sutherland.com

P: 202.383.0124 E: brian.rubin@sutherland.com ATTORNEY BIOGRAPHY Brian L. Rubin Partner Washington P: 202.383.0124 E: brian.rubin@sutherland.com Education J.D., Duke University School of Law, Vice Chair, Moot Court Board First Place Team, Craven Cup

More information

Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP

Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA, LLP Created as a collaborative effort between government and industry to ensure every American has the resources they need to stay

More information

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

FINANCIAL SERVICES Cybersecurity 2.0: The Role of Counsel in Addressing Destructive Cyberattacks

FINANCIAL SERVICES Cybersecurity 2.0: The Role of Counsel in Addressing Destructive Cyberattacks FINANCIAL SERVICES Cybersecurity 2.0: The Role of Counsel in Addressing Destructive Cyberattacks By David Fagan and Ashden Fein Covington & Burling It is well understood that cyber threats evolve and,

More information

From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense

From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense 1 of 5 11/17/2014 4:14 PM 800.268.2440 From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense Share This Every other week it seems like there is another secure data breach

More information

On July 18, 2006, the US Securities and Exchange Commission (SEC) issued

On July 18, 2006, the US Securities and Exchange Commission (SEC) issued SEC Adopts New Soft Dollar Guidelines by Bibb L. Strench and Thomas E. Bisset Vol. 13 No. 9 September 2006 On July 18, 2006, the US Securities and Exchange Commission (SEC) issued new guidance (2006 Final

More information

Navigating the Advertising Rules Applying to Investment Adviser and Broker-Dealer Advertising

Navigating the Advertising Rules Applying to Investment Adviser and Broker-Dealer Advertising 177 ALI-ABA Course of Study The Financial Services Regulatory Revolution: Navigating the New World of Broker-Dealer and Investment Adviser Regulation, Supervision, and Sales Practices October 21-22, 2010

More information

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT) INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

Takeaways From GE Capital's $225M Credit Card Settlement

Takeaways From GE Capital's $225M Credit Card Settlement Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Takeaways From GE Capital's $225M Credit Card Settlement

More information

Tuesday, June 04, 2013 -- 2013 NYS Cyber Security Conference

Tuesday, June 04, 2013 -- 2013 NYS Cyber Security Conference About Us Zogby Analytics conducts a wide variety of surveys internationally and nationally in industries, including banking, IT, medical devices, government agencies, colleges and universities, non-profits,

More information

Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014

Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago

More information

Perspectives on Cybersecurity and Its Legal Implications

Perspectives on Cybersecurity and Its Legal Implications Survey Results 2015 Perspectives on Cybersecurity and Its Legal Implications a 2015 survey of corporate executives The National Institute of Standards and Technology (NIST), a non-regulatory agency of

More information

Report on Cybersecurity Practices

Report on Cybersecurity Practices A REPORT FROM THE FINANCIAL INDUSTRY REGULATORY AUTHORITY Report on Cybersecurity Practices FEBRUARY 2015 Contents Executive Summary 1 Background 3 Governance and Risk Management for Cybersecurity 6 Cybersecurity

More information

Prepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015

Prepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015 Prepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015 CONTENTS: PROGRAM SCHEDULE... 11 FACULTY BIOS... 19 1. Big Picture Cyber: Threats, Vulnerabilities and

More information

Financial Advisor Variable Annuity Sales Practices

Financial Advisor Variable Annuity Sales Practices Financial Advisor Variable Annuity Sales Practices Clifford Kirsch Sutherland Asbill & Brennan LLP 1114 Avenue of Americas-40 th Floor New York, NY 10036 (212) 389-5052 clifford.kirsch@sablaw.com 1 Relevant

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Privacy Policy & Identity Theft Prevention Program

Privacy Policy & Identity Theft Prevention Program Privacy Policy & Identity Theft Prevention Program Orcam Financial Group LLC PO Box 91098 4640 Cass St San Diego, CA 92109 (858) 220-5383 Orcam Financial Group LLC Privacy Policy February, 2014 Page 1

More information

Working with the FBI

Working with the FBI Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement

More information

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Recent Trends In Pension Buyouts And Lump Sum Offers

Recent Trends In Pension Buyouts And Lump Sum Offers Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Recent Trends In Pension Buyouts And Lump Sum Offers

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information