In June 2016, a bulge bracket bank agreed to pay a USD1 million fine to settle a Securities and Exchange Commission (SEC) charge in relation to its failure to protect its customer information. According to a press release issued by the SEC, a former financial advisor who worked for the bank had impermissibly accessed and transferred client data related to approximately 730,000 accounts to his personal server, which was ultimately hacked by a third party; the personal data was then sold on the web. Some argue that the USD1 million penalty was a small price to pay for the bulge bracket bank, but others are saying that the charge marks a turning point in the SEC’s focus on cybersecurity-related issues.
Given the current regulatory environment and the increase in cyber attacks in the past year (in 2015, 38% more security incidents were detected than in 2014, according to PwC), more institutions are taking proactive steps to boost their cybersecurity programs.
We are seeing this trend play out in our own business. Intralinks is currently working with a Tier 1 bank to implement a technology solution that will help the bank streamline its client reporting and communication processes. Since this bank handles a huge amount of its investors’ Personally Identifiable Information (PII), it needed a platform that is secure and complies with all of the applicable company and industry regulations. If the bank’s client data were to be leaked, the repercussions to the bank’s business could include large fines or, worse, damage to the bank’s brand and reputation and a loss of client trust, all of which would negatively impact the bank’s client acquisition and retention efforts. The solution that this bank is implementing will give the bank a secure, end-to-end platform to process, organize and deliver reports to its clients, safeguard client PII and enable the bank to exchange information with its external funds.
It is clear that financial institutions are under increasing pressure from regulators to protect client data. The SEC has identified cybersecurity as being a top examination priority for 2016 and, as such, has advised that firms should be wary that both the fines and frequency of audits could increase over the next year. At Intralinks, we’re seeing cybersecurity priorities rise too. Over a two-year span (from March 2014 to March 2016), we completed more than 1,280 security audits, penetration tests and security questionnaires for corporations and financial institutions all over the world.
A data breach or an audit is now a matter of “when,” not “if.” By working with service providers and employees to strengthen policies and procedures related to cybersecurity and by employing technologies that are vetted and validated, companies can improve the quality of their cybersecurity efforts and, as a result, mitigate potentially disastrous reputational risks, instill confidence in investors and build market credibility.