The U.S. Securities and Exchange Commission (SEC) has proposed cybersecurity rules that represent a revolutionary approach to cybersecurity and will affect all firms in the alternative investment industry – including yours.
Regulatory pressure is rising – and firms must prepare now to ensure they can meet and exceed current and future expectations. But what will the SEC’s new cybersecurity rules really mean for your business?
On Dec. 7, 2022, Drawbridge presented a live session taking a deep dive into the SEC’s proposed rule change – and how firms will be expected to comply.
If you missed the live event, you can still catch the on-demand version here:
Some key topics we discussed include:
- SEC Examination Priorities in 2022 (2:58)
The SEC examination priorities this year placed a renewed focus on cybersecurity across several areas. Aside from traditional topics like vendor oversight and phishing controls and training, the SEC expanded their focus to include operational resilience, ransomware prevention, work from home cyber policies and more.
- Proposed SEC Rule for Companies and Advisors (7:54)
The proposal requires traditional cybersecurity processes including risk assessments and vulnerability management as well as new topics such as board oversight, incident response and annual reviews that require enhanced reporting.
- New requirements for your firm (15:43)
Funds of all sizes will need to remain compliant with these rules. The technical controls including policies, risk assessments and cybersecurity training can be easily outsourced – but there will be additional actions required by your firm, including:
- Internal team training to comply with the new 48-hour incident reporting deadline
- Data flow mapping to understand vulnerabilities and enable you to implement the required mitigation tactics
- Reporting on the fund’s current and future cybersecurity preparedness to board members
- Preparation is key (22:02)
Taking the right steps today will put you ahead of the game when these rules are implemented. This is the time to review your risk assessments, vulnerability management, incident response planning and recordkeeping processes. Identify gaps, implement the right policies and processes to address those gaps, and confidently set yourself on the road to compliance.
Contact us to learn more about how Drawbridge can help your firm prepare now for the proposed rules.