The Importance of Data Protection and Cybersecurity: How to protect yourself from Cybersecurity risks of Robo-Advisers

By Majda Muhic & Qudsia Shafiq, Spring 2017 IAC Student Interns

What kind of information is your robo-adviser collecting from you? How will they store it? What security measures will they take to ensure your data is protected? Are the algorithms your investments are based on protected? These decisions lie in the hands of your robo-adviser – but what can you do?

Because of the sensitive information that is gathered from an investor, it is important for you to select a robo-adviser that will take the necessary security compliance measures to protect your confidential information and will prioritize data integrity.

Hack here, hack there – we hear about it all the time. Any industry is at risk: from the medical sector to the business sector, from the government sector to the military sector.  Only four months into 2017 and the IRS has already experienced a data breach putting nearly 100,000 taxpayers at risk. The increasing use of technology in the case of investors to meet their wealth management is no different than other sectors. And an industry- or sector-specific risk is also a risk for you.

THE SEC has emphasized the need to protect confidential and sensitive information related to these activities from third parties, including information concerning fund investors and advisory clients. These concerns include data protection, privacy and cybersecurity concerns.

What was the SEC’s recommendation in the Cybersecurity Guidance for registered investment companies and registered investment advisers? “An adviser generally should consider and address as relevant the operational and other risks related to cyberattacks.”

The  Guidance  suggests that robo-advisers consider adopting written policies and procedures addressing those risks, covering areas such as the development, testing and backtesting of algorithms and post-implementation monitoring, disclosure to clients of changes to algorithms that could materially affect their portfolios, and the prevention, detection of, and response to cybersecurity threats. The SEC also stressed the importance of including a communication plan with client to notify and update them about significant business disruptions that would materially impact ongoing client services (e.g., periodic updates to websites and customer service lines.)