TLDR:
- Nearly 4 in 10 compliance professionals in the financial services sector have not evaluated AI as a cybersecurity risk.
- Survey findings show concerns about compliance with SEC cybersecurity rules and uncertainty about enforcement.

According to a recent survey conducted by the ACA Group and the National Society of Compliance Professionals, nearly 4 in 10 compliance professionals in asset management, investment adviser, and private markets firms have not evaluated Artificial Intelligence (AI) as a cybersecurity risk. The survey, fielded among global compliance professionals from 308 financial services firms, highlighted various key findings:

- 44% of respondents are uncertain about how the SEC will enforce new cybersecurity rules.
- 36% have concerns about complying with cyber-incident reporting requirements and timeframes.
- 38% have not identified AI as a cybersecurity risk, while 27% do not consider AI relevant to cybersecurity.
- 49% are exploring AI as a tool for cybersecurity risk management.
- Top concerns include payment fraud/business email compromise, ransomware, and privacy threats.
- 79% expressed confidence in their firm’s ability to respond to a cyberbreach, but only 40% have tested their response plan externally.
- 83% are confident in their ability to respond to system outages, with cyber insurance seen as a key risk management tool.
- 51% have not renegotiated vendor contracts with additional cybersecurity provisions in the last 24 months.

The survey’s findings underscore the importance of addressing evolving cybersecurity threats and staying ahead of regulatory compliance concerns. The SEC has pending projects on cybersecurity and AI risks in the securities markets, with proposals to require market entities to implement policies and procedures to address cybersecurity risks. The full survey results will be released in April, shedding more light on the challenges and preparedness of financial services firms in managing cybersecurity risks.