All Blog Posts

ECI recently hosted a webinar on proposed rules by the U.S. Securities and Exchange Commission (SEC) regarding Cybersecurity Risk Management. Joining ECI CIO Rich Itri and CTO Steve Schoener on the panel were Regulatory Counsel Founder Scott Pomfret and Daniel Bresler, a partner in the Investment Management Group at Seward & Kissel LLP. Here is a Q&A recap of the major webinar themes and takeaways on the cybersecurity, legal, technological, compliance and related impacts of the upcoming rules.

This post continues our recap of a recent webinar ECI hosted on new Cybersecurity Risk Management Rules that the U.S. Securities and Exchange Commission (SEC) is developing and on track to release this Spring.  In Part 1, we explored the likely impact of the rules on financial firms and the challenges these firms may face in adapting to a higher regulatory bar. 

The U.S. Securities and Exchange Commission (SEC) has moved a step closer to adoption of its proposed Cybersecurity Risk Management Rules. Originally proposed in February 2022, the regulations recently advanced to the final rule stage on the agency’s Regulatory Flexibility Agenda and opened for an additional period of commentary –likely signaling action to come this Spring. There is a lot to unpack in the proposed rules and what they mean for financial firms. That’s why we’re devoting the next two blog posts to highlighting key insights and takeaways from a recent webinar ECI hosted on the topic.

Risk management, compliance and IT governance are core priorities in any organization. They also happen to be complex and highly-interrelated factors that form the basis of a company’s cybersecurity posture. Because of this, organizations can’t afford to look at each in isolation.

A well-coordinated security automation deployment can remove human error from the equation and eliminate the need to scale the workforce to keep pace with security tasks. But the benefits of security automation don’t come, well, automatically. That’s because security automation is not just one tool or capability; it’s more like an ecosystem. In reality, security automation is a suite of functions that must all work together to secure data, systems and processes in an enterprise that is operating at scale.

Regulatory compliance can be a challenge for any business, but few regulatory scenarios are more daunting than a financial firm trying to operate efficiently and compliantly at scale. As these organizations increasingly leverage digital transformation and modern cloud deployments to expand operations and services, the number of regulatory rules and enforcement areas can multiply.

Our recent post on striking the delicate seamless vs. secure balance in enterprise security touched on Just-in-Time (JIT) access management as a powerful tool for putting Zero Trust security principles to work in the organization. It’s worth a closer look to see just how powerful the right JIT implementation can be and how to customize such implementations to suit the needs of a particular business.

When an organization considers hiring an MSP for cybersecurity support, a lot of the C-suite discussions for choosing that partner tend to center on the technology. Companies realize that keeping up with modern cyber threats at scale requires a partner that can orchestrate stronger authentication, better vulnerability scanning, security automation and other technology tools to protect the organization.

Balancing security requirements with the need for seamless customer and user experience is an age-old conundrum in cybersecurity – one that’s gotten more difficult to solve in a modern era of multi-factor authentication and multiple cyber threats.

Financial services companies must comply with a wide range of cybersecurity- and privacy-related regulations. As regulators and the general public become more aware of cyber threats and privacy issues, the stakes are getting higher.