FINRA is conducting an assessment of firms' approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms' IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.
FINRA has four broad goals in performing this assessment:
- To understand better the types of threats that firms face
- To increase its understanding of firms' risk appetite, exposure and major areas of vulnerabilities in their IT systems
- To understand better firms' approaches to managing these threats, including through risk assessment processes, IT protocols, application management practices and supervision
- As appropriate, to share observations and findings with firms
Note: The assessment addresses a number of areas related to cyber-security, including firms':
- Approaches to information technology risk assessment
- Business continuity plans in case of a cyber-attack
- Organizational structures and reporting lines
- Processes for sharing and obtaining information about cyber-security threats
- Understanding of concerns and threats faced by the industry
- Assessment of the impact of cyber-attacks on the firm over the past twelve months
- Approaches to handling distributed denial of service attacks
- Training programs
- Insurance coverage for cyber-security related events
- Contractual arrangements with third-party service providers
Questions regarding this Alert or any other regulatory matter can be directed to:
Mitch Avnet, Managing Partner – Email or T: (646) 346-2468
Bill Schloth, National Director of Client Development – Email or T: (203) 247-3687