The issue of cybersecurity makes most investment advisers and brokers frustrated, at a minimum. It's costly and the threats come from all directions, including the SEC and other regulators.
I light of the on-going ransomware attacks, most notably one called "WannaCry," the SEC's Office of Compliance Inspections and Examinations moved quickly to issue a Risk Alert. The Risk Alert puts the attacks in the context of the issues and challenges the SEC staf found at advisers and brokers regarding the security of their systems and their clients' personal private information. In short, the Alert Risk Alert highlights the importance of conducting penetration tests and vulnerability scans on critical systems and implementing system upgrades on a timely basis.
The full Risk Alert is available here: https://www.sec.gov/files/risk-alert-cybersecurity-ransomware-alert.pdf
.The law firm Dechert has also published a quick analysis and review of the Alert. Available here: NEWSFLASH / A legal update from Dechert's Data Privacy and Cybersecurity Group