
Act Now to Address the SEC’s New Cybersecurity Risk Management Rules
By ECI | Thursday, June 9th, 2022
Financial services firms are well aware of increasing cyber risk. Targeted phishing campaigns, devastating ransomware, advanced persistent threats from organized crime groups backed by adversarial nations: The threats and threat actors have escalated in frequency and in sophistication. As only one indicator, the Financial Services Information Sharing and Analysis Center (FS-ISAC) raised its threat level an unprecedented three times in 2021.
In response to these realities, in February 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules related to cybersecurity risk management. The rules apply to registered investment advisers as well as registered investment companies and business development companies – that is, funds. The proposal also includes amendments to rules that govern reporting and disclosures.
The move follows sanctioning of eight firms in August 2021 for failures in their cybersecurity policies and procedures – clear evidence the SEC is taking cybersecurity enforcement seriously.
There’s a lot to unpack in the 224-page SEC document that delineates the new rules. But the takeaway is that investment advisers and funds must take specific actions around seven core aspects of cyber risk management: policies and procedures, access management, data protection, vulnerability management, incident response, reporting, and accountability.
The time to take action is now. With the public comment period already closed, final SEC rulemaking is expected soon. And addressing all aspects of the directives isn’t something your firm will achieve overnight.
The good news is that the new SEC rules represent best practices for safeguarding your information assets from cyberattack – and should be implemented regardless of the final rules the SEC settles on. Following the recommendations will help you achieve compliance, secure your business against disruption, and help build trust with regulators and clients.
In our latest whitepaper “New Cybersecurity Rules for a Changing Threat Landscape,” we detail the 7 most important rules to help you understand the SEC’s guidance and prepare for what’s next. Some of the key takeaways we share include:
- How to implement access management and data protection best practices, reporting and disclosure procedures, and more
- Actions you can take today to prepare for the new rules
- How to comply with the SEC’s proposal—and be better protected in the future
For ECI’s full insights, download New SEC Rules for Cybersecurity Risk Management: How Investment Advisers and Funds Should Respond Today.