ACA Cyber Survey Tracks Trends in Spending, Oversight

ACA Aponix and the National Society of Compliance Professionals released a joint survey on current and emerging cybersecurity trends, policies, and challenges across the financial services industry. The report’s findings center on five categories: cyber concerns and threats; cyber spend; cyber staff; cyber program and preparedness; and third-party management. The 2021 NSCP survey was conducted between September and October 2021 and collected responses from firms with affiliations to ACA and/or the National Society of Compliance Professionals. The survey drew a total of 171 respondents. Asset managers and non-alternative investment advisers represented close to half of respondents (49%), followed by alternative investment advisers (37%), other financial services (7%), broker dealers (3%), and other non-financial services (3%). A few of the survey findings follow:

  • Ransomware was the most common concern in 2021, with 83% of respondents stating they were either “moderately” or “extremely concerned” about ransomware. Business Email Compromise (BEC) was the second-highest concern, with 76% of respondents stating they were “moderately” or “extremely concerned” about BEC.
  • The median cyber budget for firms with AUM over $20 billion was $100-250,000, whereas the median cyber budget for firms with AUM under $1 billion was $10-25,000.
  • 81% of firms stated that regulators were a top driver behind their focus on cybersecurity, followed by 71% stating clients were another key driver.
  • 66% of 2021 respondents stated they conduct information security vendor due diligence on “key” vendors annually.
  • The top three approaches for conducting information security due diligence included: internal questionnaires (36%), vendor audit reports (31%), and third-party questionnaires (27%).