What Mutual Fund Firms Need to Know About Data Breaches

In the two-year period between 2013 and 2015, cyberattacks affected more than 150 million people. Included in that large group of victims were some familiar names like Experian, Charles Schwab, Fidelity Investments, and Anthem.


Mutual Fund Data Breaches


Public relations and financial damages stemming from cyberattacks continue to get worse each year. In response to this trend, the Securities and Exchange Commission (SEC) imposed new regulations, referred to as the Cybersecurity Examination Initiative (CEI), on financial companies with private data to protect.


With new rules to follow and growing threats to thwart, mutual fund trustees and directors have no choice but to make cybersecurity a priority in 2016 and beyond. This blog will give fund managers a quick overview of what they need to do to obtain adequate insurance coverage and maintain compliance with CEI.


Cybersecurity Compliance


The SEC’s Office of Compliance Inspections and Examinations (OCIE) evaluates the data protection capabilities of mutual funds in the following ways:


  • Risk-assessment processes and cybersecurity governance
  • Access rights and controls, including controls associated with customer logins/passwords and remote access
  • Data loss prevention
  • Vendor management
  • Training designed to encourage vendor and employee reliability regarding data protection
  • Incident response processes


To be compliant with CEI, registered investment advisers must have certain safeguards in place. A shortlist of best practices would have to include:


  • Documented security procedures and policies
  • Regularly scheduled policy and procedure assessments
  • A cybersecurity expert in the role of chief security officer, CIO, or chief privacy officer
  • An internal cybersecurity committee
  • A cybersecurity firm on retainer providing advice and reports on an ongoing basis
  • Elimination of PII on third-party servers
  • Elimination of encrypted PII on internal networks
  • Installation of a firewall to prevent malicious incursions and a logging system to detect any attempts


Cybersecurity Insurance: Worth the Cost?


Making an investment in cybersecurity insurance, and ensuring any affiliate organizations are covered, may mitigate some damages caused by data breaches, but significant gaps in coverage exist, and many companies find themselves paying millions of dollars in damages despite their policies. What’s worse, many insurers have made things even harder by adding special exclusions and limitations related to cybersecurity incidents.


The Promise of MicroEncryption and MicroTokenization


The CertainSafe team works with corporations and small businesses in numerous industries to assess and protect every aspect of data management. Our proprietary software blocks hackers from the start by breaking down sensitive information into mathematically unique packets and physically storing the data in different locations. We also provide up-to-the-minute monitoring and response services, keeping your bottom line and your customers safe from data breaches.


Visit our homepage today to schedule a consultation.