2015 Cybersecurity Report
February 3, 2015
Today, FINRA published a Report on Cybersecurity Practices in the broker-dealer industry to highlight effective practices that firms should consider to strengthen their cybersecurity programs.
Given the evolving nature, increasing frequency and sophistication of cybersecurity attacks, as well as the potential for harm to investors, firms and the markets, cybersecurity practices will remain a key focus for FINRA. Our goal in publishing the report is to focus firms on a risk management-based approach to cybersecurity that is adaptable and capable of addressing evolving threats.
The observations and practices in the report are based on a variety of sources, including a sweep we conducted in 2014 of firms of varying sizes and business models, a 2011 survey of firms and interviews with other organizations involved in cybersecurity. As we note in the report, there is no one-size-fits-all approach to a cybersecurity infrastructure. Rather, the risk management-based approach that we discuss in the report enables firms to tailor their program to their particular circumstances.
FINRA stresses that the report is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations. Our expectation is that firms will use the report to assess and strengthen their cybersecurity practices.
I welcome your thoughts on the report and other areas where you believe FINRA should focus.
Richard G. Ketchum
Chairman and CEO