When it rains, it pours. Shortly after the Securities and Exchange Commission (SEC) was the subject of a Government Accountability Office report stating that it must do more to protect its computer systems from cyber-attacks, the regulator announced that its EDGAR network suffered a security breach last year. The SEC originally didn’t believe that anyone’s personal information had been compromised, but later, after a detailed forensic analysis, the regulator discovered that the names, birthdates, and Social Security numbers for two people had indeed been exposed.
This series of events powerfully illustrates the rapid growth and expansion of the cyber threat. Even one of the most powerful federal regulators, responsible for setting and enforcing standards on cybersecurity for financial services firms, finds it challenging to stay one step ahead of cyber-criminals.
I did not write this article to criticize the SEC. The regulator’s staff members deserve praise for their commitment to consistently improving the security of sensitive financial information, and investment firms’ computer systems in general, across the industry. The point I’m making is that if even the SEC can fall victim to hackers, no financial advisory practice or other business, regardless of size, can afford to make light of the cyber threat.