NASAA Survey Finds Midsized Investment Advisers Addressing Cybersecurity Risks

The North American Securities Administrators Association ("NASAA") released the results of a pilot project designed to survey the cybersecurity practices of state-registered investment advisers, who account for more than half of the registered investment advisers conducting business in the United States.

The project surveyed 440 registered investment advisers with assets under management of less than $100 million. The results indicated that 4.1 percent of responding firms indicated that they had experienced a cybersecurity incident, and 1.1 percent indicated that they had experienced theft, loss, unauthorized exposure or unauthorized use of or access to confidential information.

The survey also found that 62 percent of firms have undergone a cybersecurity risk assessment, and 77 percent have policies and procedures related to technology or cybersecurity.

NASAA President Andrea Seidt explained that, as NASAA's study of cybersecurity practices of state-registered investment advisers continues, NASAA expects to "begin working toward recommended practices and engaging in additional conversation with the industry."

See: Compilation of Results of a Pilot Survey of Cybersecurity Practices of Small and Mid-Sized Investment Adviser Firms; NASAA Press Release.