Upping the Ante: Cybersecurity, the SEC and the Perils of Being Unprepared

November 23, 2015

The U.S. Securities and Exchange Commission is finally getting serious about cybersecurity – and for good reason. If the ever-growing business and headline risks aren’t enough to scare investment advisers and broker-dealers into action, they now have added motivation to make cybersecurity a top priority – impending regulatory examinations and enforcement proceedings.

Cybersecurity has been on the SEC’s radar for the past few years but only recently has the agency intensified its scrutiny of firms’ data security and governance protocols. And, in a series of bold public statements, the SEC is even promising to hold chief compliance officers accountable if they look the other way when it comes to implementing meaningful cybersecurity plans – including incident response protocols – to guard against and remediate when cybercriminals and hackers burst through a firm’s firewalls even when it’s the fault of a hapless employee or outside vendor.

To continue reading Craig Newman's article in the November 23, 2015 edition of Bloomberg BNA's Securities Regulation & Law Report, please click here.