Where does your firm’s cyber security policy responsibility begin and end? To what extent are you responsible for protecting the home office from bad actors? Are you responsible for protecting your advisors and their staff from predators? Are you responsible for protecting the investor customer from phishing and social engineering attacks based on your interactions with them?  What is the extent of your responsibility of your cyber protection resources beyond the home office – education, intrusion detection, prevention, hands/eyes support, and insurance.  To protect “the business footprint” you are responsible for, what capabilities and tools are you using? Technology, process, and/or education are all tools. To what extent are they working, and where are they coming up short? If not, what can you do to make processes more efficient and effective?  To what extent do you engage in “investor client” educational protection to help keep their information secure.