Nearly 40% of compliance professionals from asset management, investment adviser, and private markets firms have yet to evaluate Artificial Intelligence (AI) as a cybersecurity risk, while 44% have concerns about how the SEC’s new cybersecurity rules will be enforced.
Nearly 40% of compliance professionals from asset management, investment adviser, and private markets firms have yet to evaluate Artificial Intelligence (AI) as a cybersecurity risk, while 44% have concerns about how the SEC’s new cybersecurity rules will be enforced, according to the 2024 Cybersecurity Benchmarking Survey, a joint project of ACA Group and the National Society of Compliance Professionals (NSCP).
ACA Aponix®, part of ACA Group, and the NSCP conduct the survey bi-annually to help firms better manage increasing expectations and uncertainty around cybersecurity risk. The 2024 survey, fielded online between January and February, covered a wide range of topics. Notable findings include:
“Our survey findings underscore the critical importance of staying ahead of evolving cybersecurity threats”
Fintech Insights: Hyper-personalization in Banking: The Tech Journey to Serving a Segment of One
- Regulatory preparedness and concerns: 44% of respondents surveyed said they are uncertain about how the SEC will enforce the rules, while 36% of compliance professionals cited concerns with complying with cyber incident reporting requirements and timeframes.
- AI risk management: While 38% of respondents have yet to identify AI as a cybersecurity risk, and 27% don’t consider AI relevant to cybersecurity, nearly half (49%) said they are in the early stages of exploring AI as a tool for cybersecurity risk management.
- Cybersecurity threats: Respondents cited the following as the top three cyber threats they are most concerned about: Payment fraud/business email compromise (70%); ransomware (67%); and privacy threats and risk to personal identifiable information (52%). Respondents are least concerned about deepfakes, with just 5% citing them as a concern.
- Cybersecurity preparedness: Approximately 79% of compliance professionals expressed confidence in their firm’s ability to respond to a cyber breach. Only 40% have done an external test of the firms’ response plan.
- Cyber insurance: Approximately 83% are confident in their ability to respond to an unforeseen system outage. Most respondents (85%) who have cyber insurance say it is viewed as a key risk management tool.
- Vendor cybersecurity: Despite clear concerns over how vendor due diligence is performed, more than half (51%) of firms have not renegotiated any vendor contracts with additional cybersecurity provisions in the last 24 months.
“Our survey findings underscore the critical importance of staying ahead of evolving cybersecurity threats,” said Mike Pappacena, Partner at ACA Aponix. “As nearly half of the respondents express uncertainty about SEC enforcement, it’s clear that regulatory compliance remains a top concern. At ACA, we’re committed to providing our clients with robust regulatory guidance and solutions to navigate these challenges effectively.”
“The Cybersecurity Benchmarking Survey continues to be a valuable resource to compliance professionals seeking insight about current and emerging cybersecurity trends, policies, and challenges across the financial services industry,” said Lisa Crossley, Executive Director, NSCP. “We are particularly proud of our partnership with ACA Group to help firms prioritize their cybersecurity programs.”
Results of the 2024 Cybersecurity Benchmarking Survey will be released during ACA’s and NSCP’s webcast on April 25, 2024.
Read More About Fintech Interviews: How Blockchain-Powered Ecosystems Are Poised to Transform the Agricultural Sector
[To share your insights with us, please write to pghosh@itechseries.com ]
