An official with the Securities and Exchange Commission (SEC) urged investment advisers to double down on cybersecurity as a concern for more than just the IT department.
David Glockner, director of the SEC’s Chicago regional office, addressed the industry via phone during a conference in Arlington, Va.
{mosads}“I think it is difficult to [maintain] an effective cybersecurity program without high-level engagement,” Glockner told an audience at the Investment Adviser Association conference.
“I think it’s very difficult to have an effective security program that is just in the IT world,” Glockner said.
“Cybersecurity is an important risk. … Firms really need to be thinking about it in the context of all their other risks, and that’s difficult to do if you’re just approaching it from an IT perspective.”
The remarks come at a crucial time for businesses under threat from hackers, particularly those in the financial services industry.
Apart from concerns about their information security, firms are trying to stay on the right side of federal regulators who are also increasing their attention to cyber threats and data breaches.
The SEC is taking a closer look at registrants’ cybersecurity policies, according to Financial Planning, which reported Glockner’s comments.
The commission recently released partial results from a review of firms’ cyber practices, noting that less than a third have named a chief information security officer to manage cybersecurity.
So far, the SEC has not issued prescriptive guidance. Glockner, a former federal prosecutor, said that “reasonable” procedures will look different for different types of firms, but urged advisers and broker-dealers to embrace a security plan that is “more than just a check-the-box approach.”