Sutherland and the Financial Services Institute Complete Benchmarking Survey on Cybersecurity Practices

WASHINGTON—Sutherland Asbill & Brennan LLP and the Financial Services Institute (FSI) have completed a survey of FSI members concerning cybersecurity issues. The survey included responses from 39 broker-dealers (92% of which were dually registered as investment advisers), ranging in size from fewer than 100 registered representatives to more than 2,000. The survey covered a variety of topics, including the use and protection of mobile devices, cybersecurity governance, technical safeguards, customer authentication, and vendor management. Among the survey’s findings:

  • 32% of the surveyed firms experienced a cybersecurity incident in 2013 or 2014.
  • 86% of the surveyed firms that carry cyber-insurance have policies covering costs related to cyber-incidents attributable to vendors.
  • 88% of the surveyed firms utilize email encryption.
  • 88% of the surveyed firms automatically update their antivirus software.
  • 100% of the surveyed firms terminate third parties’ passwords and system access once they have completed their work.

According to Brian L. Rubin, a partner in Sutherland’s Securities Enforcement and Litigation group: “As data breaches continue to generate headlines and as regulators continue to focus on these issues during examinations, firms are coming under increasing pressure to have reasonable practices to protect customer information. Our survey is an important step in understanding the current cybersecurity state of play among independent contractor broker-dealers. We look forward to continuing to work with FSI and its members to develop best practices for keeping customer information safe.”

Mr. Rubin noted that “there are a number of steps that firms might consider taking to help protect their sensitive data and to help defend them from after-the-fact second guessing by the regulators.” Although he emphasized that “there is no one-size-fits-all cybersecurity program,” Mr. Rubin noted that firms could consider implementing the following:

  • Updating policies and procedures to address cybersecurity-related issues.
  • Conducting self-assessments of cybersecurity readiness.
  • Keeping current on recent cyberattacks in the financial services and other industries.
  • Maintaining and updating antivirus, antimalware, and antispyware software on all stationary and mobile devices.
  • Protecting and inventorying mobile devices.
  • Understanding the cybersecurity practices of vendors that have access to sensitive information.
  • Analyzing whether to purchase cyber-liability insurance.

About the Financial Services Institute (FSI): The Financial Services Institute is the only organization advocating solely on behalf of independent financial advisors and independent financial services firms. Since 2004, through advocacy, education and public awareness, FSI has successfully promoted a more responsible regulatory environment for more than 37,000 independent financial advisors, and more than 100 independent financial services firms who represent upwards of 160,000 affiliated financial advisors. We effect change through involvement in FINRA governance as well as constructive engagement in the regulatory and legislative processes, working to create a healthier regulatory environment for our members so they can provide affordable, objective advice to hard-working Main Street Americans. For more information, please visit

Sutherland is an international legal service provider helping the world’s largest companies, industry leaders, sector innovators and business entrepreneurs solve their biggest challenges and reach their business goals. More than 435 lawyers across seven major practice areas—corporate, energy and environmental, financial services, intellectual property, litigation, real estate and tax—provide the framework for an extensive range of focus areas. Sutherland is composed of associated legal practices that are separate entities, doing business in the United States as Sutherland Asbill & Brennan LLP, and as Arbis Sutherland LLP in London and Geneva. Arbis Sutherland LLP is a limited liability partnership and is registered in England and Wales with registered number OC348198. Its registered office is at Marble Quay, St Katherine’s Dock, London E1W 1UH. Arbis Sutherland LLP is authorized and regulated by the Solicitors Regulation Authority of England and Wales whose regulatory requirements can be accessed at A list of the members of Arbis Sutherland LLP and their professional qualifications is open to inspection at its registered office.

Back to top