The Securities Exchange Commission (“SEC”), Office of Compliance Inspections and Examinations (the “OCIE”), published a Risk Alert describing its findings from its second cybersecurity survey of regulated entities (the “Cybersecurity 2 Initiative”).
Global Legal Developments related to Cybersecurity Incidents, Cyber Corporate Governance and Regulation Issues, and Privacy and Data Protection Laws
The Securities Exchange Commission (“SEC”), Office of Compliance Inspections and Examinations (the “OCIE”), published a Risk Alert describing its findings from its second cybersecurity survey of regulated entities (the “Cybersecurity 2 Initiative”).
The survey covered 75 registered broker-dealers, investment advisers, and investment companies and built upon OCIE’s prior round of cybersecurity examinations in 2014 (the “Cybersecurity 1 Initiative”).
While OCIE found improvements in cybersecurity preparedness since the Cybersecurity 1 Initiative, it also identified areas for improvement. Among other things, OCIE concluded that it is not sufficient for firms to simply establish written cybersecurity policies and procedures—such policies must also be maintained, sensibly enforced, and capable of addressing cybersecurity deficiencies as they arise.
Click here, to continue reading.
WE VALUE YOUR PRIVACY
This site uses cookies and full details are set out in our Cookie Policy. Essential Cookies are always on; to accept Analytics Cookies, click "I agree to all cookies."