Video: RIABiz Reporter weighs in on how advisors can generate positive coverage in the media | Thrivent

SEC raises the bar for cybersecurity

After warning for years about the increasing risk of cyber attacks, the SEC is sending an unambiguous message to financial advisors: Take cybersecurity seriously or face the consequences.

Proposed cybersecurity risk management rules released by the SEC for public comment recently would impose significant new requirements for advisors to detect, mitigate, and remediate cyber threats and vulnerabilities. The rules would require advisors to adopt and implement written policies and procedures to address cybersecurity risks; report significant cybersecurity incidents to the SEC; and maintain cybersecurity-related books and records.


Whether or not the proposed rules are fully adopted as written, they reflect the commission’s resolve to prioritize cybersecurity in its audits and enforcement investigations – and hold advisors accountable for failure to adhere to effective policies and procedures to safeguard client information. Advisors would be well advised to assess the design and effectiveness of their cybersecurity policies and procedures now, and make sure they are well-positioned to detect and mitigate potential risks.

In addition to assessing their own internal cybersecurity risks, advisors would be required to assess risks associated with the use of third-party service providers that have access to their systems. That means advisors may need to think about information security and how they engage with service providers in a whole new light.

Given the increasing pervasiveness and sophistication of cyber threats, independent advisors may want to consider if they are willing to devote the time and resources needed to maintain an effective cybersecurity program on their own. Indeed, the burden of managing increasingly complex technology, risk, and compliance requirements is a key reason many advisors who are looking to maintain their independence choose to work with a trusted partner for dedicated technology, risk, and compliance support. They’d much rather focus on helping clients achieve their financial goals than trying to keep track of the ever-changing technology and compliance landscape.

Latest Posts

Subscribe Here

Connect with us.

Contact Our Team

Investment advisory services offered through Thrivent Advisor Network, LLC., (herein referred to as “Thrivent”), a registered investment adviser. Clients will separately engage an unaffiliated broker-dealer or custodian to safeguard their investment advisory assets. Review the Thrivent Advisor Network Client Relationship Summary, Financial Planning and Consulting Services, Investment Management Services (Non-Wrap) and Wrap-Fee Program brochures for a full description of services, fees and expenses, available at Thrivent Advisor Network, LLC’s Advisory Persons may also be registered representatives of a broker-dealer to offer securities products. Advisory Persons of Thrivent provide advisory services under a "doing business as" name or may have their own legal business entities. However, advisory services are engaged exclusively through Thrivent Advisor Network, LLC, a registered investment adviser.