Firms plan to ramp up cybersecurity spending

The SEC’s lack of specific rules around cybersecurity should prompt firms to approach the topic ‘holistically.’

The number of financial services firms planning to expand their efforts on cybersecurity is rising sharply, according to a recent survey by advisory firm Duff & Phelps.

In the firm’s 2017 Global Regulatory Outlook report released April 11, 86 percent of its survey respondents said they expect to spend more time and resources on cybersecurity. This marks a major uptick from the same survey in 2016, when 60 percent had indicated the same.

Only 4.3 percent of the respondents this year said they do not plan to increase focus on cybersecurity.

Cybersecurity was also the leading topic respondents said they expected regulators to focus on in 2017, with 31 percent picking it as the top priority – up from 19 percent in 2016.

In a commentary included in the report, Credit Suisse director of prime fund services Adam Menkes noted that the Securities and Exchange Commission’s lack of specificity on cybersecurity regulation allows the agency to examine firms on a case-by-case basis.

But this isn’t necessarily a negative thing, he added.

“While RIAs [registered investment advisors] may have less certainty about cyber compliance, they also have an opportunity to look at cybersecurity holistically and pragmatically,” he wrote in the report. “This should prompt them to consider not just the regulatory requirements, but also their own cybersecurity risks.”

The SEC isn’t the only regulator paying more attention to cybersecurity.

Duff & Phelps managing director of compliance and regulatory consulting Jason Elmer noted in the report that the Commodity Futures Trading Commission released principles-based guidance on cybersecurity in March 2016, while regulators in Hong Kong and the UK have signaled their intention to increase their activities on cybersecurity going forward.

“Firms are proactively looking to strengthen cyber defenses as a result, and this is an opportunity for regulators to collaborate with financial institutions to form new rules,” Elmer said in a separate statement released by Duff & Phelps. “What’s also clear is that commercial pressures from investors concerned about the security of their sensitive data will accelerate any attempt to improve cybersecurity measures. For all these reasons, 2017 is set to be an important year for cybersecurity regulation.”

Duff & Phelps surveyed 181 financial services professionals for its fifth annual report.