Investment Adviser Association Executive Director David Tittsworth said Wednesday he and the experts he has talked to have one message to the Securities and Exchange Commission about cybersecurity: “Don’t impose rigid rules.”
But he added that best practices would be really helpful.
At the SEC’s daylong cybersecurity round table, Tittsworth said the most common cyber attacks reported by his large and small members are takeovers of individual accounts, where a hacker might, say, send $60,000 to a Hong Kong bank.
SEC Chairman Mary Jo White stayed through the entire proceeding (which is rare for a round table focused on one issue), and the other commissioners stayed through all or most of the sessions. Their constant presence was likely due to the high profile and fast evolution of the topic, and also to the lack of direct computer expertise among the four attorneys and one economist over their careers.
No one gave any indication of where cybersecurity oversight for investment advisors might be headed. But Daniel Sibears, an executive vice president at Finra, said his organization’s goal is to publish best practices on the topic for broker-dealers, and noted it would be hard to say whether B-Ds could be facing specific cybersecurity guidelines.
So far, the stock market hasn’t generally punished companies for cyber incidents, the panelists noted, not even retail chain owner TJX when it suffered one of the biggest breaches in history.
“In the next year or two, that is going to change,” said Peter Beshar, executive vice president and general counsel for insurer Marsh & McLennan.