FYI: Financial Services Industry Cyber Survey Results

FYI: Results of the 2018 NSCP/ACA Aponix Cyber Survey have been released, showing practices, trends and experiences from over 200 responding firms regarding cybersecurity compliance. Among the areas surveyed were cybersecurity governance, vendor management, technical controls, budgets and breach response.

These types of surveys are a great way to get ideas about what firms of all types and sizes are doing to address compliance challenges and to benchmark against others in the industry. Particularly interesting highlights from this survey included:

–Regulatory cyber exams have increased among respondents since last year: the SEC by 21%, FINRA by 30% and the NFA by 50%.
–Most respondents (67%) conduct a cyber risk assessment at least annually.
–44% of respondents have conducted (or plan to conduct) a mock regulatory cybersecurity exam.
–57% of all respondents conduct diligence on key vendors annually.
–Looking at both the past 12 months and the next 12 months, respondents report “cybersecurity testing/assessment” as the top area where they have increased their spending.
–A majority of all respondents (54%) report having cyber insurance, although the existence and amount of insurance scales with firm size.
–31% of respondents said they should be compliant with GDPR (the European privacy regulations now in effect) but aren’t yet.

The webcast summarizing the survey results also references the CCPA (the 2018 California Consumer Privacy Act), for which the State of California is currently undergoing rulemaking to implement the law. The CCPA is perhaps the most influential privacy law ever seen in the US, and financial firms may have to consider its impact even if they don’t have offices, personnel or clients in California, for example where they have relationships with other advisers/sub-advisers, custodians, cloud services firms or other firms that are themselves within the scope of the new law.

Webcast discussing survey results (which includes a link to the webcast slides summarizing the results): (registration required for free webcast).

Information about the CCPA:

