While the SEC has been pushing public companies to improve their cybersecurity, minimal adoption of stronger cybersecurity rules has led the agency to draft new rules requiring more formal cybersecurity reporting and disclosure. The SEC proposal outlined several requirements that are designed to improve cybersecurity awareness and reporting for corporate executives and board members. The first is cybersecurity incident reporting, including current reporting about material incidents and periodic reporting about previous incidents. The second requirement is cybersecurity policies such as periodic reporting about policies and procedures to identify and manage risks. The third proposal is management requirements including management’s role and expertise in assessing and managing risk and management’s role and expertise in implementing policies and procedures. The final requirement is board oversight such as reporting on how the board of directors performs oversight on cybersecurity and disclosure of the board of directors’ cybersecurity expertise if any.

Finsum:The SEC recently drafted new cybersecurity rules for companies, including incident reporting, policies, management requirements, and board oversight.

Over the past several months, financial firms are seeing an uptick in ransomware attacks. In fact, IT security professionals in the financial industry have noted that ransomware attacks have not only become more common but have also become more sophisticated. Cybersecurity professionals are seeing a new wave of threats that banks and investment firms are struggling to prevent. Over the past two years, financial firms are seeing more ransomware attacks that utilize outside service providers which are also known as ransomware-as-a-service. Firms are also seeing variants that have chosen different attack vectors, meaning they are now attacking other areas of firms such as corporate phone systems. According to Sophos’ The State of Ransomware in Financial Services 2022, 55% of financial service firms were victims of at least one attack in 2021, up from 34% in the previous year. The bigger issue for banks and other financial firms though is not just the number of ransomware threats, but their increasing sophistication.

Finsum:Financial firms are not only seeing an increase in ransomware threats, but the sophistication of attacks has also increased.

According to a recent Charles Schwab RIA Benchmarking Study, talent is the top strategic priority for RIAs. This matches a Talent Management Study from San Francisco-based RIA consultancy DeVoe & Co., which showed recruiting is the biggest concern RIAs face today concerning talent. A recent Barron’s article highlighted the challenges RIA face when recruiting advisors. Firms are facing headwinds such as a rapidly aging workforce, a lack of young advisors to take over, loss of talent from the Great Resignation, and competition from mega financial firms. Barron’s highlighted the fact that over one-third of advisors are likely to retire within the next 10 years according to a study by Cerulli Associates. In addition, according to a survey by Ameriprise Financial, advisory firms currently have an average of three open positions at their firms. Some RIAs are turning to college students to fill the talent gap as the competition for experienced advisors is immense, while others are recruiting from banks and offering perks such as firm equity, high cash compensation, and generous payouts.

Finsum:Due to an aging workforce and strong competition, recruiting is a top priority for many RIA firms.