With ever-changing cybersecurity regulations and new technology integrations, wealth management professionals are required to keep up with trends and update strategies accordingly.
Cybersecurity regulations often change from year to year. For example, in May 2018, the General Data Protection Regulation (GDPR) updated laws across the EU for data privacy standards, and subsequent standards are influencing regulators worldwide.
With new technologies entering the enterprise realm, such as the Internet of Things (IoT), new security vulnerabilities are constantly emerging.
Such vulnerabilities can be extremely costly. An IBM study showed that the global cost of a data breach averages $3.86 million, up 6.4 percent from a year earlier. Accenture’s High Performance Security Report 2016 showed that organizations see 85 attacks a year on average, and one in three of these attacks succeed.
What follows is a look at the current cybersecurity trends in the wealth management sector.
The aforementioned EU regulations implemented this year, GDPR, updated regulations and standards for the processing, storing, and securing of personal data. The aim was to “harmonize” data security across the EU and better protect citizens’ personal data.
Organizations are now encouraged to completely reshape the way they handle data privacy. While the standards only apply to those countries within the EU, GDPR is expected to influence global security regulation updates, according to the IT firm Align. These regulations affect businesses in many other countries, such as the United States, that work with European countries regularly or have international offices and operations.
These new standards require financial institutions to invest in training to improve employees’ knowledge. And in some cases, new roles will have to be created so that experts in the privacy field are able to ensure a company is compliant with all new regulations.
Because GDPR was implemented in May 2018, the long-term effects of the updates have yet to be seen. But there’s no doubt that these standards have changed the way data security and privacy are handled worldwide.
Internet of Things
The IoT is made up of connected devices, whether wearables, home appliances, or other devices, that communicate with each other and share data. And this industry is growing extremely fast.
According to Bain research, the IoT market will reach around $520 billion by 2021, more than doubling from 2017.
The rapid spread of IoT devices will expand openings for bad actors, and financial institutions should begin vetting their security practices and employee training programs now to prepare for this evolving threat.
Two-factor authentication (2FA) systems, or multi-factor authentication (MFA), can help financial companies protect themselves and their clients even more. An example of this is seen on bank apps when a user is required to use their fingerprint to log in even when using their registered smartphone.
Align says that authentication should be a main focus in ensuring that hedge funds and investment firms are keeping up with best security practices in this climate.
Investments in cybersecurity professionals
These changing regulations and increased opportunities for data breaches mean that investment firms should pay greater attention to hiring cybersecurity professionals. Financial institutions are common targets for hackers, so recruiting and retaining personnel who can better protect a company against these attacks should be a top priority for those in charge.
Such cybersecurity experts can be a valuable training resource and help their employers update policies to ensure that all new regulations and laws are being followed and that adequate precautions are in place.
In addition, security professionals can easily ensure that all company devices have the latest antivirus programs and receive regular updates, and that password and encryption standards are being met. As the IoT continues to grow, company-provided devices for employees that are managed by a cybersecurity department will also better protect against security breaches.
New York’s example
In 2017, New York state became the first in the nation to implement minimum cybersecurity regulations. Financial services institutions, such as banks and insurance companies, are now required by law to have a cybersecurity program implemented. According to the New York State Department of Financial Services, such programs must:
- protect the private data of consumers;
- include written policies approved by a senior officer or board members;
- be under the direction of a Chief Information Security Officer; and
- implement controls and plans to “help ensure the safety and soundness of New York’s financial services industry.”
The state started an online cybersecurity portal through which these institutions must start reporting cybersecurity incidents.
It is widely expected that other states will launch similar regulations in coming years.
To learn more about cybersecurity trends for financial institutions, contact Wentworth Management Services LLC, a financial services holding company.