FINRA Reports that Brokerage Firms Must Treat Cyber Threats as a High Priority

On Behalf of | Feb 10, 2015 | Financial News, FINRA Compliance

This week, FINRA released a report focusing on the increased threats of cyberattacks in the financial industry, and preventative measures that all brokerage firms should implement to decrease their exposure to a serious cyberattack. The report emphasized that firms must treat threats of cyberattacks as a high priority. The report found that some of the factors exposing firms to increased threats of cyberattacks included:

  1. Advances in technology
  2. Changes in firms’ business models
  3. Changes in the use of information technology systems by firms and their customers

FINRA’s report resulted from an examination in 2014 that explored:

  1. The types of cyber threats
  2. Firms’ vulnerabilities/exposures to such threats
  3. Firms’ approaches in mitigating pervasive threats

The report found that key points of emphasis for members to implement included:

  1. A sound governance framework with strong leadership and engagement from upper management on cybersecurity issues
  2. The utilization of risk assessments as foundational tools to understand the cybersecurity risks faced across the range of firms’ activities
  3. Technical controls and a defense-in-depth strategy to provide an effective approach to conceptualize control implementation
  4. Developing, implementing, and testing incident response plans, including containment and mitigation, eradication and recovery, investigation, and notification to customers
  5. Managing cybersecurity risk exposures that arise from relationships with vendors by exercising extensive and ongoing due diligence across the lifecycle of their vendor relationships
  6. Establishing effective training programs to help reduce the likelihood that staff members can become inadvertent vectors for successful cyberattacks
  7. Capitalizing on intelligence-sharing opportunities to engage in collaborative self-defense, which helps to protect firms from cyber threats

FINRA acknowledged that there was no “one-size-fits-all” solution to address cyber threats, and encouraged firms to implement a risk management approach to cybersecurity tailored to the firms’ individual circumstances.

FINRA’s Report on Cybersecurity Practices can be found here: http://www.finra.org/web/groups/industry/@ip/@reg/@guide/documents/industry/p602363.pdf
