Cybersecurity Benchmarking Survey Lists Top Concerns and Preparedness Among Respondents
Investment firms overlook AI as a cybersecurity risk and remain wary about SEC cybersecurity enforcement and compliance with new rules, survey reveals.
New York and London, March 26, 2024 – Nearly 40% of compliance professionals from asset management, investment adviser, and private markets firms have yet to evaluate Artificial Intelligence (AI) as a cybersecurity risk, while 44% have concerns about how the SEC’s new cybersecurity rules will be enforced, according to the 2024 Cybersecurity Benchmarking Survey, a joint project of ACA Group and the National Society of Compliance Professionals (NSCP).
ACA Aponix®, part of ACA Group, and the NSCP conduct the survey bi-annually to help firms better manage increasing expectations and uncertainty around cybersecurity risk. The 2024 survey, fielded online between January and February, covered a wide range of topics. Notable findings include:
- Regulatory preparedness and concerns: 44% of respondents surveyed said they are uncertain about how the SEC will enforce the rules, while 36% of compliance professionals cited concerns with complying with cyber incident reporting requirements and timeframes.
- AI risk management: While 38% of respondents have yet to identify AI as a cybersecurity risk, and 27% don’t consider AI relevant to cybersecurity, nearly half (49%) said they are in the early stages of exploring AI as a tool for cybersecurity risk management.
- Cybersecurity threats: Respondents cited the following as the top three cyber threats they are most concerned about: Payment fraud/business email compromise (70%); ransomware (67%); and privacy threats and risk to personal identifiable information (52%). Respondents are least concerned about deepfakes, with just 5% citing them as a concern.
- Cybersecurity preparedness: Approximately 79% of compliance professionals expressed confidence in their firm’s ability to respond to a cyber breach. Only 40% have done an external test of the firms’ response plan.
- Cyber insurance: Approximately 83% are confident in their ability to respond to an unforeseen system outage. Most respondents (85%) who have cyber insurance say it is viewed as a key risk management tool.
- Vendor cybersecurity: Despite clear concerns over how vendor due diligence is performed, more than half (51%) of firms have not renegotiated any vendor contracts with additional cybersecurity provisions in the last 24 months.
"Our survey findings underscore the critical importance of staying ahead of evolving cybersecurity threats,” said Mike Pappacena, Partner at ACA Aponix. “As nearly half of the respondents express uncertainty about SEC enforcement, it's clear that regulatory compliance remains a top concern. At ACA, we're committed to providing our clients with robust regulatory guidance and solutions to navigate these challenges effectively."
“The Cybersecurity Benchmarking Survey continues to be a valuable resource to compliance professionals seeking insight about current and emerging cybersecurity trends, policies, and challenges across the financial services industry,” said Lisa Crossley, Executive Director, NSCP. “We are particularly proud of our partnership with ACA Group to help firms prioritize their cybersecurity programs.”
Results of the 2024 Cybersecurity Benchmarking Survey will be released during ACA’s and NSCP’s webcast on April 25, 2024.
About the survey respondents
Global compliance professionals from 308 financial services firms participated in the survey. All firm sizes were represented – with 23% of respondents managing between $2 billion and $10 billion in assets, 15% managing under $500 million, and 14% managing between $1 billion and $2 billion. Also of note: another 14% of respondents manage over $20 billion in assets. Close to half (48%) of responding firms reported having between 11 and 50 employees.
Responding firms belonged to varied business types, with most responses coming from asset managers/non alternatives (42%), broker-dealers (32%), and alternative investment advisors (11%).
About ACA Group
ACA Group (ACA) is the leading governance, risk, and compliance (GRC) advisor in financial services. For over 20 years, we’ve empowered our clients to reimagine GRC to launch, grow, and protect their business. Our global team of 1,250 employees includes former regulators and practitioners with a deep understanding of the regulatory landscape. Our innovative approach integrates advisory, managed services, distribution solutions, and analytics with our ComplianceAlpha® technology platform. For more information, visit www.acaglobal.com.
About NSCP
Since 1986, the National Society of Compliance Professionals has been the leading non-profit, membership organization dedicated to supporting compliance professionals in the financial services industry, focusing primarily on investment advisers, broker-dealers, and private funds. NSCP membership offers a wide range of compliance resources, educational opportunities, and regulatory advocacy and engagement. NSCP provides its members with essential information on compliance topics, regulatory insights, and useful tools through its monthly publication, online and in-person events, and within an interactive online community. NSCP members have access to a diverse community of compliance professionals who share their knowledge and expertise. For more information, visit www.nscp.org.
Media Contacts:
ACA Group
BackBay Communications
aca@backbaycommunications.com
NSCP
Colleen Gallagher
OnWrd & UpWrd
cgallagher@onwrdupwrd.com