Cybersecurity incidents and breaches are increasing annually in scope, magnitude, and creativity. But just how big is the problem?
- On average, cybersecurity costs businesses about $11.7 million each year
- 69% of financial firms ranked cyber risk in their top five concerns; 35% named it their top concern.
- From 2017 to 2018, detected cybersecurity incidents rose 22.7%
- Average reported cybersecurity losses increased 34%
Clearly, cybersecurity awareness and preparedness demands high priority for financial services firms to prevent business disruption and client data theft.
Cybersecurity Named Top Priority
FINRA’s 2019 Risk Monitoring and Examination Priorities Letter named cybersecurity as one of its top exam priorities and confirmed its continued scrutiny of firms’ cybersecurity programs.
Additionally, at year-end 2018, FINRA released its report on Cybersecurity Practices, which offers suggestions to help broker-dealers strengthen their cybersecurity programs. A consistent theme throughout the report is employee training as a key cybersecurity defense.
Cybersecurity Training for Employees
Many data breaches occur due to preventable employee mistakes. Developing a firm culture of cybersecurity awareness and regular cybersecurity training can reduce this problem. FINRA recommends that firms implement personnel training to promote understanding and compliance with their cybersecurity policies and procedures.
FINRA has observed the effective firm practice of providing ongoing (rather than one-time) training for employees on:
- Appropriately handling customer requests for username/password changes, identity verification and asset transfers, especially large transfers to overseas locations and third parties
- Sound practices for opening email attachments and links, including use of simulated phishing campaigns where the firm identifies and re-tests individuals who failed the exercise
- Identifying hacker-originated social engineering activities
Cybersecurity Training for Branch Offices
FINRA identifies training as integral to improving branch-level cybersecurity programs. Specifically, branch staff and reps with access to customer information should be required to complete initial onboarding. Additionally, firms should include cybersecurity training in their continuing education (CE) programs.
Before developing branch personnel training, firms should evaluate employees’ understanding and compliance of firm cybersecurity procedures.
Ongoing Cybersecurity Training
FINRA’s ongoing scrutiny of cybersecurity promises to be a sustained trend with the following cybersecurity training taking center stage:
- Web-based or live courses
- Simulations of actual cases experienced by the firm or peer firms
- Security awareness bulletins and phishing
Keep your firm in compliance and equip your employees with the right tools to address cybersecurity breaches.