Skip to Content
Advisor Insights

Clearing Up Cybersecurity Confusion

What's required, what's best practice, and what the risks are for advisors.

Most advisors understand that cybersecurity and protecting client data are of paramount importance, yet significant confusion remains as to what specific cybersecurity rules (if any) apply to investment advisors. Additionally, and with the ever-evolving nature of the cybersecurity challenge, many advisors assume that protecting client data and staying compliant require outsourcing these tasks entirely, purchasing expensive tools, or both. While outsourcing and quality cybersecurity tools can certainly be of benefit, advisors would be best served to understand what's required, what's best practice, and what their risks are before tackling the cybersecurity process and compliance.

What Cybersecurity Regulations Apply to Registered Investment Advisors?
Investment advisors must follow the requirements of their specific regulatory body, and for Registered Investment Advisors, this means looking to either the SEC or their state securities division. Yet those searching for a cut-and-dried list of cybersecurity rules and requirements from their regulators are likely to be disappointed. Specifically, the SEC will direct you to Regulation S-P, which requires registered broker/dealers, investment companies, and investment advisors to "adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information." Considered alone, this is an extremely vague requirement.

Transparency is how we protect the integrity of our work and keep empowering investors to achieve their goals and dreams. And we have unwavering standards for how we keep that integrity intact, from our research and data to our policies on content and your personal data.

We’d like to share more about how we work and what drives our day-to-day business.

We sell different types of products and services to both investment professionals and individual investors. These products and services are usually sold through license agreements or subscriptions. Our investment management business generates asset-based fees, which are calculated as a percentage of assets under management. We also sell both admissions and sponsorship packages for our investment conferences and advertising on our websites and newsletters.

How we use your information depends on the product and service that you use and your relationship with us. We may use it to:

  • Verify your identity, personalize the content you receive, or create and administer your account.
  • Provide specific products and services to you, such as portfolio management or data aggregation.
  • Develop and improve features of our offerings.
  • Gear advertisements and other marketing efforts towards your interests.

To learn more about how we handle and protect your data, visit our privacy center.

Maintaining independence and editorial freedom is essential to our mission of empowering investor success. We provide a platform for our authors to report on investments fairly, accurately, and from the investor’s point of view. We also respect individual opinions––they represent the unvarnished thinking of our people and exacting analysis of our research processes. Our authors can publish views that we may or may not agree with, but they show their work, distinguish facts from opinions, and make sure their analysis is clear and in no way misleading or deceptive.

To further protect the integrity of our editorial content, we keep a strict separation between our sales teams and authors to remove any pressure or influence on our analyses and research.

Read our editorial policy to learn more about our process.