Regulators are done warning firms about data security and Voya receives a first nip

The charges against Voya Financial Advisors earlier this week, which resulted in the company paying a $1 million settlement, makes clear that the Securities and Exchange Commission is done warning firms about cybersecurity. It’s ready to take action.

Wes Stillman, founder and CEO of RightSize Solutions, another cybersecurity firm, agreed that more SEC enforcement of cybersecurity is coming for the advice industry and a risk assessment is a “mandatory starting point” for firms. But firms can’t view it as a problem that security alone will solve, as humans are often the weakest link. Training and a security-focused culture are necessary for a strong defense against data breaches and fraud, he said.

 “It is time for RIAs to realize that it is no longer enough to have a policy, firms must use the policy to implement a systemic approach to security,” Mr. Stillman told InvestmentNews. “They must also be able to show they are in a defensible position — including documentation of the firm’s policy, supporting procedures, implemented enforcement, training and monitoring.”

Read the full article here