
What happens if your broker-dealer is hacked may surprise you


Investors, beware. If your broker-dealer suffers a cyberbreach, any losses you suffer may not be covered.

Not all firms are prepared to deal with or pay for a cyber-related incident that could cause investor losses, according to a risk alert issued by the Securities and Exchange Commission earlier this week.

The caution came after an SEC report that examined 57 registered broker-dealers and 49 registered investment advisors revealed that only 15 percent of broker-dealers and 9 percent of advisors offered security guarantees to protect their clients against cyber-related losses.

What's more, while having cybersecurity insurance is considered a best practice for broker-dealers, it is not legally required. Of the broker-dealers examined, 58 percent had insurance for cyberincidents. However, only 21 percent of advisors maintained cyber-specific coverage.

"Broker-dealers fall on the lower end of the spectrum when it comes to having the necessary cyberprecautions in place" compared to many other financial institutions, said Joe Loomis, CEO of security firm CyberSponse.


While the majority of firms do conduct periodic risk assessments to identify cybersecurity threats, not all firms require their vendors to meet the same security standards.

According to the report, 84 percent of broker-dealers and 32 percent of advisors require the same risk assessments from third parties who have access to their network.

Loomis, who works with financial institutions to provide security solutions, said that as cybercriminals continue to target financial services institutions, it's important for people to take their own steps to protect their online accounts.

"Everybody blindly trusts everybody because it's easier to trust than to manage the risk," Loomis said. "If you get mugged, a bank isn't going to reimburse you. You have to be smart enough to protect yourself from the dangers of this world. And that includes on the Internet and with service providers."

He said investors accessing their financial accounts online should use a password manager like LastPass that encrypts their passwords. He also recommended always using two-factor authentication when logging into an account online.

Investors should also be asking their broker and advisory firms specific questions about what cybersecurity measures they are taking and what kind of coverage they guarantee in case the firm itself or the user's account is breached, said Brian Rubin, head of Sutherland Asbill & Brennan's securities enforcement and litigation practice.

According to the SEC examination, responsibility isn't spelled out in a firm's policies. In fact, only 30 percent of broker-dealers and 13 percent of investment advisors have a policy in place to determine whether they are responsible for a client loss associated with a cyberincident, the agency's report said.
