The Minnesota Department of Commerce has seen that businesses are increasingly the target of organized cyberattacks. Cyber thieves operate globally and this is a long-term threat. The increasing reliance on technology in our daily lives leaves our sensitive financial information more vulnerable to cyber threats such as unwanted viewing or theft without proper safeguards in place. While investors can take proactive steps to protect their financial information, I also urge financial planners and others in our financial markets who maintain their clients’ private data, to make cybersecurity a top priority in their businesses.
The Commerce Department has identified cybersecurity as a top concern for all of our regulated industries. I have made it a priority of the Department to determine the best way to address the issue with our industry members. As a member of the of the National Association of Insurance Commissioners (NAIC) Cyber Security Task Force, and as the Treasurer and Board Member of the North American Securities Administrators Association (NASAA), I have been able to discuss these issues and share ideas with leaders in the insurance and securities industries around the country and bring good ideas about how to address cybersecurity risks back to Minnesota.
For example, in 2014, the Department of Commerce participated in a NASAA pilot survey that looked at how cybersecurity is addressed in state-registered investment adviser firms across the country. The survey found that 62 percent of responding firms have undergone a cybersecurity risk assessment and 77 percent have cybersecurity policies and procedures in place.
For Minnesota-registered investment advisor firms with assets under management of less than $100 million, the survey found that 2 percent of responding investment advisor firms indicated that they had experienced a cybersecurity incident in which client data was compromised. In comparison, the NASAA survey, which included Minnesota’s data along with eight other states, found that 1.1 percent of responding investment advisor firms indicated that they had experienced a cybersecurity incident in which client data was compromised.
Understanding the level of preparedness for cybersecurity incidents, and the rate at which firms experience these issues, is just one way in which Commerce working to better understand the issues Financial Planners, Investment Adviser, and other financial professionals are facing.
Cybersecurity is an issue that will never go away and industry members must take precautions, from the simplest to more complex solutions. The threat of a cyberattack is real and the potential for great harm to the industry’s reputation and financial stability exists. At a minimum, cybersecurity plans should include a system to assess, track, report, and respond to any cyber events in an efficient and timely manner, and there should be internal testing of the system. Businesses should consider cyber security insurance to protect against cyber incidents and the related risks to the business and its customers.
As Commissioner, I encourage private-public partnerships to encourage more information sharing to combat this problem. Together, we can help make cybersecurity a top priority—it is crucial for the health of the industry. The Department of Commerce is here to help make sure that Minnesota’s financial industries are doing what they can to protect private data from cyberattacks.
Commerce Commissioner Mike Rothman
April 13, 2015