Four Steps To Implementing New SEC Cyber-Security Guidelines


Publisher: Forbes
Author: James Hampshire
 

In April the US Securities and Exchange Commission’s Division of Investment Management released cybersecurity guidance for registered investment firms and advisors.

It was hardly a surprise. The SEC has shown increasing interest in cyber-security in recent years, urging publicly traded companies to discuss cyber risks and disclose data breaches in public filings. And last year the SEC’s Office of Compliance Inspections and Examinations conducted a survey of registered broker-dealers and investment advisers to establish a baseline of their cyber-security standards.

The SEC’s actions form part of a wider, worldwide trend of financial regulators recognizing the potential impact cyber risk could have on markets and encouraging investment firms to up their game on security. This approach implies that if the sector does not raise its standards voluntarily, then new legislation or regulation may force it to. Despite pressure from regulators, firms should not see cyber-security as a regulatory compliance exercise; cyber risk can have huge operational, financial and reputational impacts, so it is in firms’ best interest to critically examine their security posture.

The new SEC guidelines are thankfully simple and clear, and firms can implement them by taking a four-step approach.


By: Securex / July 08, 2015 / Compliance