Regulatory Compliance Assessment Protects RIA from Ransomware Event



The Registered Investment Advisor (RIA) sought BW Cyber Services’ assistance to meet regulatory requirements associated with cybersecurity compliance. Additionally, the RIA recognized the emerging risks associated with a cybersecurity breach and wanted to demonstrate to their client base their high-standards of security protection for client data.



After a thorough evaluation and regulatory-focused assessment process, BW Cyber Services determined that the RIA had “inherited” many IT and related security vulnerabilities as a result of the poor security hygiene and related lax security controls implemented by their outsource IT Managed Service Provider (MSP). Additionally, BW Cyber Services identified additional reputational and litigation-related risks associated with how the RIA stored client data.



BW Cyber Services provided multiple recommendations based on industry best practices and industry-unique security standards to better protect the RIA’s sensitive and confidential information.  BW Cyber Services provided a set of similar recommendations to the RIA’s IT MSP that were considered to be “Essential” for the IT MSP to remain as the RIA’s vendor.  The RIA took all the recommendations seriously and implemented them both internally as well as in collaboration the IT MSP (in many instances, the RIA forced the IT MSP to make changes unique to the RIA in order to remain a client).

Within a year of BW Cyber Services’ assessment, the RIA’s IT MSP was breached and became the victim of a debilitating data ransomware attack. Fortunately, the RIA had implemented all the recommendations made by BW Cyber Services (to include the recommendations directed at the IT MSP) which resulted in the RIA suffering NO DATA COMPROMISE OR DATA LOSS and no significant interruption of their operations.

This was not the case for the IT MSP’s other customers who suffered serious disruptions to their operations as well as significant data compromises.