The SEC continues to increase its focus on cybersecurity preparedness. As we have reported in prior blogs here and here, we believe that cybersecurity will become an increasingly important element of the SEC’s disclosure and enforcement efforts. Recent events show that the SEC is ramping up its efforts in the cybersecurity area, and we believe that all companies who are potentially affected by these SEC activities should pay special attention to their cybersecurity preparedness and should anticipate possible SEC action in this area.
The SEC’s most recent activity in the cybersecurity area involves registered broker-dealers and registered investment advisers. These entities are logical choices for a cybersecurity focus because of the large volume of confidential and very sensitive customer information that they hold. The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced this cybersecurity focus in an April 15, 2014 Risk Alert which stated that the SEC plans to mount an initiative to assess cybersecurity preparedness in the securities industry. The SEC had previously laid the groundwork for this initiative during a March 26, 2014 Cybersecurity Roundtable when Chair White stressed the vital importance of cybersecurity to our market system and consumer data protection. She also called for more public/private cooperation in strengthening cybersecurity preparedness. Other SEC participants at this Roundtable stressed the importance of gathering data and information regarding cybersecurity preparedness so that the SEC could determine what additional steps it should take in this area.
The OCIE’s cybersecurity initiative will assess cybersecurity preparedness in the securities industry and obtain data and information about the securities industry’s recent experiences with cyber threats and cybersecurity breaches. As part of this initiative, the OCIE announced that it will conduct examinations of more than 50 registered broker-dealers and registered investment advisers to obtain cybersecurity data and information and to assess the preparedness of these entities to defend against cyber threats. According to the Risk Alert, this investigation will focus on such things as Continue Reading