Drawbridge On-Demand Webinar: Unpacking the SEC’s Proposed Rule Changes

Last month’s release of a comprehensive proposed rule change by the SEC was a welcome evolution of their approach to cybersecurity. Currently, there are “no Commission rules that specifically require firms to adopt and implement comprehensive cybersecurity programs”[1]. Despite the Commission’s emphasis on good cyber hygiene within the examinations, this marks the beginning of a revolutionary approach to cybersecurity. The proposed release of a comprehensive rule may solidify the expectations of a firm to achieve compliance with SEC cybersecurity requirements.

The rules will focus on 5 key areas[2]:

  • risk assessment, including assessment of risks associated with certain service providers, oversight of such providers, and appropriate written contracts with such providers;
  • user security and access;
  • information protection;
  • cybersecurity threat and vulnerability management; and
  • cybersecurity incident response and recovery.

Watch the on-demand webinar below!

[1] https://www.sec.gov/rules/proposed/2022/33-11028.pdf Page 13

[2] https://www.sec.gov/rules/proposed/2022/33-11028.pdf Page 93