2024 Cybersecurity Benchmarking Survey Results


ACA Aponix

Publish Date



  • Cybersecurity

The 2024 Cybersecurity Benchmarking Survey, a joint project of ACA Group and the National Society of Compliance Professionals (NSCP), is an online survey that was conducted between January and February 2024. Conducted biannually, the survey helps firms better manage increasing expectations and uncertainty around cybersecurity risk.

This year’s survey covered a wide range of topics and involved the participation of compliance professionals at 308 financial services firms of various sizes. Below is a snapshot of the insights obtained from this survey.

Regulatory Preparedness: Firms are most concerned over new SEC cybersecurity rules and how best to comply

With new U.S. Securities Exchange Commission (SEC) rules, such as the public company incident disclosure rule, soon to take effect, firms expressed concerns over complying with new cybersecurity incident reporting requirements and timeframes. Uncertainty over how the rules will be enforced is causing the most concern to 44% of respondent firms.

AI Risk Management: Firms are still adapting to the existence of AI

AI has been slow to be assessed as a potential cybersecurity risk, as nearly 40% of respondents indicated their firms have yet to evaluate it as such. Nearly 50% of firms, however, signaled they were in the early stages of exploring AI as a potential cybersecurity tool.

Regulatory Preparedness: Firms are most concerned over new SEC cybersecurity rules and how best to comply

While 70% of firms stated they were “confident” or “very confident” in their ability to respond to a cybersecurity breach, and 93% of firms indicated similar confidence levels in their ability to respond to an unforeseen system outage, only 40% of firms disclosed that they performed an external assessment of their response plans. This highlights a significant discrepancy between expressed response confidence and response preparedness.

Cyber Insurance: 83% of firms have at least some coverage

Most firms indicated they possessed at least some cyber insurance coverage, with less than 20% disclosing no coverage at all. Firms revealed cyber insurance is seen as a key risk management tool. However, budgetary constraints seem to be the main limiting factor for insurance coverage, with 46% of firms with cybersecurity budgets under $10,000 stating they lacked coverage.

Download the full report

Learn about all of our findings from this survey in our full report. The survey covers:

  • Cybersecurity risk management priorities
  • Cybersecurity resourcing
  • Third-party risk management
  • Regulatory preparedness


About the survey respondents

Global compliance professionals from 308 financial services firms participated in the survey. All firm sizes were represented – with 23% of respondents managing between $2 billion and $10 billion in assets, 15% managing under $500 million, and 14% managing between $1 billion and $2 billion. Also of note: another 14% of respondents manage over $20 billion in assets. Close to half (48%) of responding firms reported having between 11 and 50 employees.

Responding firms belonged to varied business types, with most responses coming from asset managers/non alternatives (42%), broker-dealers (32%), and alternative investment advisors (11%).

About ACA Group

ACA Group (ACA) is the leading governance, risk, and compliance (GRC) advisor in financial services. For over 20 years, we’ve empowered our clients to reimagine GRC to launch, grow, and protect their business. Our global team of 1,250 employees includes former regulators and practitioners with a deep understanding of the regulatory landscape. Our innovative approach integrates advisory, managed services, distribution solutions, and analytics with our ComplianceAlpha® technology platform. For more information, visit www.acaglobal.com.

About NSCP

Since 1986, the National Society of Compliance Professionals has been the leading non-profit, membership organization dedicated to supporting compliance professionals in the financial services industry, focusing primarily on investment advisers, broker-dealers, and private funds. NSCP membership offers a wide range of compliance resources, educational opportunities, and regulatory advocacy and engagement. NSCP provides its members with essential information on compliance topics, regulatory insights, and useful tools through its monthly publication, online and in-person events, and within an interactive online community. NSCP members have access to a diverse community of compliance professionals who share their knowledge and expertise. For more information, visit www.nscp.org.