Under the regulation, advisers would have to adopt and implement policies and procedures to address cyber risks and report incidents to the SEC and on their Form ADV.
U.S. Securities and Exchange Commission (SEC) Chair Gary Gensler made remarks on Jan. 24, 2022, at Northwestern University Pritzker School of Law's Annual Securities Regulation Institute regarding the SEC's work to improve "the … cybersecurity posture and resiliency of the financial sector." Consistent with Holland & Knight's recent SECond Opinions Blog post highlighting the SEC's more aggressive cyber posture in 2021, Gensler indicated that the SEC will consider updating existing cybersecurity disclosure and reporting rules and requirements in 2022 for entities regulated by the SEC and expanding cybersecurity requirements on those entities falling outside the agency's direct regulatory regime.
What You Need to Know
Gensler has asked for recommendations on how advisors and BDs can strengthen their cybersecurity and incident reporting.
Gensler sees opportunities to expand Regulation S-P, a rule about protecting customers' personal data.
He also wants to broaden Reg SCI to more types of firms, like big market makers, BDs and Treasury trading platforms.
This year saw a number of significant changes on both the state and federal levels with regard to data privacy and data security. These changes reflect the increasing focus on the digital landscape to which the global economy has shifted and emphasize a much sharper focus on protecting sensitive information. Indeed, the significance of having strong cybersecurity regulations was emphasized from the top down in the United States, including an emphasis on improving and updating cybersecurity defenses and protections for federal government networks, as outlined in President Biden's May 12, 2021 Executive Order on Improving the Nation's Cybersecurity. This article highlights the legislative and litigation developments in 2021 and discusses what may lie ahead in 2022 for businesses that collect, process, and store sensitive information.
Individuals’ use of insecure cybersecurity behaviors, including the use of weak passwords, is a leading contributor to cybersecurity breaches.
The U.S. Securities and Exchange Commission (SEC) is sending a clear message to all its regulated companies. The days of complacency, shoddy follow-through and minimal investment into cybersecurity compliance programs are over.
What You Need to Know
Of the 6.3 billion global web attacks in 2020, 736 million targeted the financial services business.
The most likely cybersecurity threats for a small office are manageable, even for a non-technical employee.
Beware of non-computer items that offer gateways to your network, like coffee makers.
Companies of all sizes have adapted to remote and hybrid models for the workplace, and many are making the changes permanent as employees grow accustomed to this new environment. Today’s digital economy presents unique opportunities for small and medium-sized businesses (SMBs) to connect with employees and customers in new and efficient ways but comes with considerable cyber risk.
Connecticut has become the third state to pass a “Safe Harbor” statute offering protection to businesses who face civil lawsuits based on data breaches.
On October 29, 2021, Commissioner Elad L. Roisman spoke to the Los Angeles County Bar Association and discussed the challenges SEC registrants face when dealing with cyber threats. In addition to articulating the current obligations of Registered Investment Advisors (“RIAs”) regarding cybersecurity, Roisman expressed his belief that further rulemaking is necessary to clarify advisors’ obligations. His speech can be reviewed at https://www.sec.gov/news/speech/roisman-cybersecurity-102921.