The Securities and Exchange Commission announced Wednesday that it imposed a total of $2.5 million in fines on J.P. Morgan Securities, UBS Financial Services Inc. and TradeStation Securities Inc. for deficiencies related to their efforts to protect customers from identity theft.
On May 3, 2022 the Securities and Exchange Commission (the “SEC”) announced the addition of 20 new positions to the Division of Enforcement’s newly renamed Crypto Assets and Cyber Unit (formerly known as the Cyber Unit), expanding the Crypto Assets and Cyber Unit to 50 positions (the “Announcement”).[i] With its expanded numbers, the Crypto Assets and Cyber Unit will continue to identify cybersecurity disclosure and control issues and will focus on investigating:
Cybersecurity is now battling a human problem as much as, if not more than, a technical one.
According to Verizon’s 2021 Data Breach Investigations Report, 85% of successful cyberattacks now involve a human element. Combine that with the fact that even the very best technology can only thwart about 93% of attacks, and that leaves a large hole in an organization’s basic security hygiene. This gap forces employees to make split decisions that can affect security, and failure to choose correctly puts disaster just a click away.
If you haven’t planned for an SEC audit, you should.
Why? Because you are likely to face one. Advances in technology and the adoption of a data-centric approach have made it fast and easy for the SEC to comprehensively audit even the smallest firm, regardless of its location.
Recently, Private Client Services, LLC (“PCS”) confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer information through a compromised employee email account. According to PCS, the breach resulted in the names, Social Security numbers, driver’s license numbers and state identification numbers being compromised. On May 27, 2022, PCS filed official notice of the breach and sent out data breach letters to all affected parties. In total, the company sent out 22,554 letters.
2022 is not even halfway over, and the Securities and Exchange Commission (SEC) has already made it a banner year for the SEC’s efforts to shape cybersecurity policy. This alert highlights this year’s cyber developments to date and the SEC’s likely future regulatory efforts in this space.
Several states are offering legal safe harbors to businesses that follow industry-recommended cybersecurity frameworks, in a carrot-not-stick approach intended to encourage better defenses.
The Securities and Exchange Commission has bolstered the size of its teams dealing with cybersecurity and cryptocurrency, according to the associate director of its enforcement division. Last year, the Securities and Exchange Commission sanctioned eight firms for cybersecurity failures.
It’s rainy season for proposed SEC cybersecurity rules. The first watershed was proposed regulations targeting investment companies’ and advisers’ cybersecurity preparedness. See “SEC Plants New Cybersecurity Regulations; Time Will Tell What Will Bloom.” The next torrent arrived on March 9 and threatens to soak public companies. See “Four Takeaways From the SEC’s Proposed Cyber Rule for Public Companies.”
While the proposals differ in many respects, the forecast is clear:
In its most focused and significant response to cyber threats in nearly 20 years, the Securities and Exchange Commission released on Feb. 9 proposed new rules regarding cybersecurity risk management, risk disclosures and reporting. My partner Trina Glass spoke to me about the impact that Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38-2 under the Investment Company Act of 1940 could have on the advisory industry.