May 23, 2023
This month, BNY Mellon’s N.A. division notified clients that one of its vendors’ systems was infiltrated, resulting in exposure of client data, including Social Security numbers, Ignites reported. While there is no evidence that any resultant fraudulent activity has occurred, this still poses a significant risk to confidential client information.
What Does This Mean for Me?
Third-party data breaches pose significant risks to firms, especially investment advisers given their access to sensitive information. Firms should conduct due diligence on key vendors to mitigate third-party risk. Vendor due diligence reviews should assess:
Vendor due diligence is just one component firms must consider as part of a comprehensive cybersecurity program. Last month the U.S. Security and Exchange Commission (SEC) issued a risk alert warning of cybersecurity threats at the branch offices of broker-dealers and investment advisers, and in the past fourteen months, the SEC has released three material cybersecurity proposals for investment advisers.
The proposed amendments will require a significant amount of time and enhancement to existing cybersecurity practices. Fairview Cyber offers turnkey solutions that address SEC requirements for cybersecurity, and our team of regulatory experts are available to answer any questions you may have regarding the proposed rules. To learn more, visit our Cyber Solutions page or contact us if you’d like to speak to one of our regulatory experts.