Hackers are heavily targeting U.S. brokerage firms and financial advisers, the Securities and Exchange Commission (SEC) said in a report released Tuesday.
At least 88 percent of broker-dealers and 74 percent of advisers have been hit by a cyberattack, the SEC said. The successful attacks — often fraudulent emails requesting to transfer client funds — have caused firms to lose anywhere from $5,000 to over $75,000 in each instance.
The report is the result of a 2014 investigation into the cybersecurity practices of more than 100 broker-dealers and investment advisers.
“Our examinations assessed a cross-section of the industry as a way to inform the commission on the current state of cybersecurity preparedness,” said Andrew Bowden, who heads the SEC's Office of Compliance Inspections and Examinations.
The government has been moving to increase cybersecurity oversight following a series of high-profile breaches at companies like Target, Home Depot, JPMorgan Chase and Sony Pictures Entertainment.
The SEC is considering measures that would require companies to disclose more information about their cybersecurity vulnerabilities.
The commission found that despite the widespread presence of written cybersecurity policies, employees do not always follow them. A quarter of the successful attacks occurred because employees failed to follow the company’s identity authentication procedures.
There was also a gap in cyber policies between financial advisers and brokerage firms. Nearly 90 percent of brokerage firms regularly audit their cyber policies, while only 57 percent of financial advisers do so.
And less than a third of advisers review the cybersecurity policies of their outside contractors, while 84 percent of broker-dealers conduct such assessments.
Many of the recent major breaches, including those at Target and JPMorgan, occured because of security lapses at outside vendors.