(Reuters) - U.S. brokerage firms and financial advisers are a routine target of cyber criminals and some have lost money as a result of fraudulent emails requesting transfers of client funds, the U.S. Securities and Exchange Commission said in a report.
At least 88 percent of broker-dealers and 74 percent of advisers have been the target of cyberattacks, the SEC said on Tuesday, citing findings from a cybersecurity examination program it conducted last year. (1.usa.gov/1AoGhhL)
Most of the attacks were through fraudulent emails, some of which led to brokers losing more than $5,000, the report said. In one case, an adviser reported a loss of more than $75,000.
SEC Commissioner Luis Aguilar, a Democrat, said in a statement the examination showed that “cybersecurity is a persistent and growing threat, and that firms must take their cybersecurity duties seriously.”
Cybersecurity is a growing concern for business, as highlighted by recent hacking incidents at Home Depot Inc, Sony Corp and JPMorgan Chase & Co.
The SEC’s Office of Compliance Inspections and Examinations inspected 57 broker-dealers and 49 investment advisers for its “Cybersecurity Examination Initiative.”
The report said a quarter of the incidents that led to losses resulted from employees not following their company’s identity authentication procedures.
The examination found that the vast majority of brokerages conduct periodic risk assessments on a firm-wide basis to identify cybersecurity threats and have adopted written information security policies.
Wall Street's industry-funded watchdog, the Financial Industry Regulatory Authority (FINRA), issued a separate report on Tuesday that also identified hacking as a major threat facing brokerages. (bit.ly/1BSkr1A)
Reporting by Anil D'Silva in Bengaluru; Editing by Ted Kerr