SEC to Start Conducting Additional Cybersecurity Exams
Due to recent cybersecurity breaches and continuing cybersecurity threats against financial services firms, the SEC's Office of Compliance Inspections and Examinations (OCIE) will soon begin its second round of cybersecurity exams. The OCIE will be closely examining the policies and procedures broker-dealers and investment advisers have in place to protect private information and keep hackers away.
On September 15, the OCIE issued a risk alert to provide additional information on the focus areas for these exams. Broker-dealer and investment adviser firms should ensure they are addressing cybersecurity measures in the following areas:
- Governance and risk assessment
- Access rights and controls
- Data loss prevention
- Vendor management
- Incident response
To help firms assess their cybersecurity preparedness, the OCIE included a sample document request in the risk alert's appendix.
While cybersecurity can be a daunting challenge, we have a number of educational resources and qualified professionals to help you address your cybersecurity risk and firm exposure.
- As Data Breach Costs Hit Record High, Court Affirms FTC's Power to Regulate Cybersecurity
- Most Broker-Dealers and Financial Advisers Have Experienced Cyberattacks
- SEC Releases Cybersecurity Examination Blueprint
- Video: Cybersecurity
- Video: Cyber Insurance
- Keep Your Pen Tester Honest: What a Merchant or Service Provider Should Expect
- Questions to Ask Regarding Security Risks
- Cybersecurity Infographic: Frequency and Origins of Data Breaches
To discuss your firm’s IT, cybersecurity and cyber insurance needs, contact: