Skip to main content

Core Cybersecurity Threats and Effective Controls for Small Firms


The following tool identifies key cybersecurity risks currently facing small firms and helps them enhance their customer information protection, and cybersecurity written supervisory programs (WSPs) and related controls, including:

  • Highlighting the most common and recent categories of cybersecurity threats facing small firms, including questions to assist firms with addressing such threats;
  • Providing a summary of core controls small firms should consider, as well as relevant questions for consideration to evaluate their current cybersecurity programs; and
  • Including appendices with a glossary of relevant terms and additional resources.

FINRA Compliance Tools Disclaimer

This optional tool is provided to assist member firms in fulfilling their regulatory obligations. This tool is provided as a starting point and you must tailor this tool to reflect the size and needs of your firm. Using this tool does not guarantee compliance with or create any safe harbor with respect to FINRA rules, the federal securities laws or state laws, or other applicable federal or state regulatory requirements. This tool does not create any new legal or regulatory obligations for firms or other entities.


This tool was last reviewed and updated, as needed, on February 21, 2024. This tool does not reflect any regulatory changes since that date. FINRA periodically reviews and update these tools. FINRA reminds member firms to stay apprised of new or amended laws, rules and regulations, and update their WSPs and compliance programs on an ongoing basis.

Member firms seeking additional guidance on certain regulatory obligations should review the Cybersecurity Topic Page and any relevant FINRA Topic Pages.

Staff Contact(s)

FINRA's Office of General Counsel (OGC) staff provides broker-dealers, attorneys, registered representatives, investors and other interested parties with interpretative guidance relating to FINRA’s rules. Please see Interpreting the Rules for more information.

OGC Staff Contacts
Phil Shaikun and Carrie Jordan
1700 K Street, NW
Washington, DC 20006
(202) 728-8000


Download PDF