Cybersecurity Compliance Just Got Tougher

While cybersecurity risks have increased, government regulation has traditionally lagged behind. Recently, some government entities have tried to catch up by mandating that companies take a proactive approach toward protecting personal and competitively sensitive data. The move is a departure from the traditional reactive response of simply notifying consumers after their personal data is breached.

With this shift in emphasis, companies are asking the obvious questions: “What are we expected to do and what is a proactive cybersecurity compliance program?”

Both on the state level and through federal regulatory agencies, the government is beginning to dictate a comprehensive compliance approach to data protection. Late last year, the U.S. Securities and Exchange Commission’s Cybersecurity Examination Initiative directed broker-dealers to “further assess cybersecurity preparedness in the securities industry.” Thus, the SEC announced that it “will focus on key topics including governance and risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response.”

SEC Playing Bigger Role in Cybersecurity

Cybersecurity threats have reached a point where they cannot be ignored by any government agency, even the U.S. Securities and Exchange Commission. Although an agency that is tasked with protecting investors is not one that typically comes to mind in the battle against cyberthreats, the SEC does maintain jurisdiction over cybersecurity issues for public companies, broker-dealers and investment advisers, due to its responsibilities for ensuring the disclosure of material information, integrity of market systems and customer data protection.

The Securities and Exchange Commission’s Guidance On Cybersecurity and Cyber Incident Disclosure

BY MELISSA J. KRASNOW

Background

The U.S. Securities and Exchange Commission on occasion provides disclosure guidance on topics of interest to the business and investment communities. The SEC said recently that it has observed “an increased level of attention focused on cyberattacks.” The rash of costly cyberattacks against companies like Epsilon and Sony, among others,…